Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...

Council announces Sanctions Framework for Cyber-attacks

In the Council's effort to deter cyber-attacks constituting an external threat to the EU or Member States, the EU can now impose targeted restrictive measures which include asset freezes on both persons and entities and a ban on people travelling to the EU. Such restricted measures are considered necessary in light of the Common Foreign ...

Irish Data Protection Commission investigates Facebook

On 3 October 2018 the Irish Data Protection Commission (DPC) commenced an investigation into the latest Facebook data breach examining the company's compliance with GDPR obligations concerning the implementation of technical and organisational measures to ensure the security and safeguarding of the personal data it processes. The breach was notified on 28 September 2018 and the investigation ...

Data breaches under the GDPR: A Webinar with Tresorit CEO and co-founder Istvan Lam

Want to know how to handle data breaches under the GDPR? Join me and Tresorit CEO and co-founder Istvan Lam on April 25th 2018 for a webinar where we will help you understand what exactly is considered a data breach under the GDPR, when you have to report an incident and to whom, who is liable for ...

ENISA’s Guidelines for the implementation of minimum security measures for Digital Service Providers

ENISA's "Technical Guidelines for the implementation of minimum security measures for Digital Service Providers" will prove to be extremely useful for businesses. The guidelines spell out minimum security measures and are especially relevant with respect to alignment with the GDPR which only set forth in Article 32 (Security of processing) the obligation of controllers and ...