The Sea-Change of the Concept of Privacy and its Consequences

"Privacy". It's all the rage nowadays. More and more laws are being drafted for purposes of protecting personally identifiable data, not least the massive upcoming EU General Data Protection Regulation.

But while Privacy may be becoming increasingly valued in the era of "big data" - where giant multi-national corporations devour information to fuel in-house machine learning and other forms of normative Artificial Intelligence - that certainly wasn't always the case. Not until quite recently in fact.


When Do You Actually Need a Data Protection Officer under the GDPR?

You can hear the rumbling on the horizon. That's right, GDPR is coming. But no need to panic; as long as you're aware of what exactly you have to comply with - and make solid, demonstrable steps towards compliance - you should be fine.

So with that in mind, let's focus on one of the absolute key areas of the legislation that has organisations concerned. That's right: appointing a Data Protection Officer. Basically, according to Articles 35-39, you must appoint one in three specified situations:

  • where processing is carried out by a public authority;
  • if the core activities of the controller or processor consist of regular and systematic monitoring of individuals on a large scale; or
  • if the core activities consist of processing special categories of personal data on a large scale.

Now, that may seem simple enough. But statutes always seem simple until you actually have to apply them. For example, what do they mean by "core activities", "large-scale" or "regular and systematic monitoring"? There's no real body of case law to help us, after all.


Personal Data Breaches

What are my Obligations under the GDPR?

Data breaches. Even the phrase itself sends chills down the spines of CISOs and CPOs. Protecting your organisation against such a threat is a key obligation under the upcoming EU General Data Protection Regulation. That responsibility is defined under the so-called "security principle", wherein all appropriate safeguards have to be taken to ensure effective information security via best-practice standards such as ISO 27001/2 and the NIST security controls.


Preparing for GDPR

Preparing for GDPR - What's the Deal on International Data Transfers?

I'm sure you've heard about it by now, but if not - the upcoming EU General Data Protection Regulation puts in place stringent new standards for ensuring adequate safeguards for most international transfers of personal data.

Basically, apart from in all the situations explained later in this article, you can only transfer personal data to other countries by legally protecting it - mainly through "model contractual clauses" issued by the EU Commission or using "binding corporate rules" with specific information requirements to lock into place adequate data protection standards when that data is processed in other countries.


The Spectre of a Potential Security Meltdown

Spectre. Meltdown. These names sound like the titles of bad B-movie action films. But they're very much real. They're the names of two massive CPU exploits that were uncovered over the past week (the first week of January 2018). Both are the biggest threats to processing hardware we've seen in a long time.
