Steps to GDPR Compliance: Subject Access Rights

Step 3 – Subject Access Rights: “What you looking at?” Will subject access rights become the Vogue under the GDPR? What changes will there be to the current regime? Based on what we know for now, the GDPR subject access request (“SAR”) process will be similar to that under the current regime. The key changes […]

Steps to GDPR Compliance: Data Mapping

Step 2 – Data Mapping: Follow the yellow brick road. Why data map? Data mapping should be a key element in any organisation’s compliance strategy, including any pre-employment screening policy. The prospective employer (data controller) can face questions from its candidate base about where their personal data is being sent and how it is used. […]

Privacy S.H.I.E.L.D…the latest summer blockbuster

It has taken two years but on 12 July 2016 the EU Commission finally adopted the adequacy decision on the Privacy Shield, and from 1 August 2016 entities will be able to certify with the US Department of Commerce. From a strategic perspective US companies (or EU companies doing business in the US) will be […]

Russian Regulator publishes Data Localisation clarifications: one month to go…

The long-requested guidance on interpreting the Russian Data Localisation laws has now been released by the Ministry of Communications, just one month before the new law comes into force. The law requires that organisations that collect personal data from individuals in Russia store that data within Russian territory. The guidance is non-binding, but these are […]

EU Data Privacy Reform Update: Make Mine A Skinny To Go…

“…simplicity and flexibility are key…” if the new EU Regulation is to work as a long-term framework for the protection of privacy rights, according to the European Data Protection Supervisor (EDPS). The EDPS strongly advocates a simple and clear text to enable controllers to easily understand their obligations, and its proposed text is 30% […]

EU General Data Protection Regulation: one small step for privacy, or a giant leap?

In our blog post of 16 January 2015, HireRight reported on the progress of the EU data privacy reforms. Excitingly, the Council of the European Union (“Council”) met its self-declared deadline of agreeing a general approach on the General Data Protection Regulation (“Regulation”) and announced on 15 June 2015 that “we have moved a great […]

EU Reform: the one stop shop…

On 13 March 2015, during a press conference, the Latvian Presidency of the Council announced that agreement has been reached on a partial general approach in respect of the one stop shop mechanism as well as on the data protection principles, as part of on-going discussions on the draft General Data Protection Regulation (GDPR). What […]

Bulletin: Legal & Compliance – Binding Corporate Rules: a brave new world for data processors?

On 28th January 2015, the U.K. Information Commissioner’s Office (“ICO”) cleared binding corporate rules (“BCRs”) in respect of First Data Corp., a global electronic commerce and payment card processing company. This is the first time the ICO has authorised BCRs for a data processor and the UK is only the third member state to […]