02 August 2018
Recently, there has been discussion regarding whether or not it is GDPR-compliant to transfer encrypted data on applications based outside of the EU. An example of this is Dropbox, as they have US-based servers, therefore if personal data is transferred through the Dropbox system, then technically it has been transferred…02 August 2018
Imagine the scenario: you hold marketing data, collected from lead generation firms, meetings, seminars etc maintained as a contacts database for marketing purposes. You have already contacted some of the people on this database, but others you have not. In order to comply with the GDPR requirements you need to…01 August 2018
The GDPR law is not the only new European privacy regulation everyone is talking about. There has been a lot of discussion regarding the ePrivacy Regulation, which deals with e-communication, although technically it is a revised version of the ePrivacy Directive or the ‘cookies law’. The ePrivacy Regulation was initially…31 July 2018
In order to reflect the requirements of GDPR, the Article 29 Working Party (WP29) has published the following updated guidelines on Binding Corporate Rules (BCRs): Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (WP 256) Working Document setting…31 July 2018
Article 28 of the General Data Protection Regulation (GDPR) states the conditions of a data processing agreement between the data controller and the data processor. Recently, this agreement has been brought in to question, regarding its workability and whether it is actually working in the way it is prescribed…30 July 2018
Document management solutions provide: structured organisation and control of documents enable search provide document security, audit, versioning capability to manage retention What they are not necessarily capable of is identifying and separating personally identifiable information (PII) from everything else in each document.30 July 2018
GDPR gives individuals the right to have their personal data deleted, although this is not an 'absolute' right. If you still need to retain the personal data concerned, you may be able to refuse the request. Moreover, the right to erasure does not mean you erase all the data if…30 July 2018
A common scenario involves country-level sites managed by a central team with some in the EU, and some outside. The question is, will all the sites be in scope of GDPR as EU visitors may access any of the sites while visiting those countries?30 July 2018
A media access control (MAC) address of a computer is a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. On page 11, paragraph 2, the WP29 states "it should be noted that these MAC addresses are personal data, even after security…30 July 2018
The Key terms and definitions you need to know: Binding corporate rules: personal Data Protection policies adhered to by controller or processor in the Member State for transfer of personal data to controller or processor in third country Originally devised by Article 29 Working Party to transfer secure large data…To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070
