“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote
Continue Reading Irish Data Commissioner Discusses Schrems II, Enforcement and Consent
Ireland
Ireland: Employees Subject to Vehicle Tracking Must Be in the Know
Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles,…
Continue Reading Ireland: Employees Subject to Vehicle Tracking Must Be in the Know
Irish DPC Issues New Guidance for Data Controllers on Data Security
Ireland’s Data Protection Commission has published guidance on data security.
Key Takeaways
- The most effective means of mitigating the risk of lost or stolen personal data is not to hold the data in the first place.
- A data controller should always know what personal data they hold, where it is held and how it flows through the organization.
- Data processors are subject to the same security obligations as data controllers.
Access Controls
- A data controller has a duty to limit access to personal data on a “need to know” basis and regularly review access controls.
- Multiple independent levels of authentication may be appropriate where administrators have advanced or extra access to personal data or where they have access or control of other’s account or security data.
- There should be strict controls on the ability to download personal data from an organization’s systems.
Continue Reading Irish DPC Issues New Guidance for Data Controllers on Data Security
That’s Your Opinion, but is it Personal Data?
Are opinions about someone personal data?
Ireland’s Data Protection Commission explains.
Key takeaways:
- An opinion can include personal data.
- If the opinion is not recorded — GDPR does not apply.
…
Continue Reading That’s Your Opinion, but is it Personal Data?
Irish Data Protection Commission Issues Guidance on Right of Access Under GDPR
Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation.
Key takeaways:
- Requests to access data are the majority of
…
Continue Reading Irish Data Protection Commission Issues Guidance on Right of Access Under GDPR
Ireland Issues Data Breach Notification Guidance
The Irish Data Protection Commission has issued guidance on data breach notification under GDPR.
Key takeaways:
A personal data breach is a security incident that negatively impacts the confidentiality, integrity,…
Continue Reading Ireland Issues Data Breach Notification Guidance
Irish Data Protection Commission Issues GDPR Cloud Computing Guidance
The Irish Data Protection Commission has issued guidance on cloud computing. Here are key takeaways for companies and cloud providers:
- You must remain in control of the personal data you
…
Continue Reading Irish Data Protection Commission Issues GDPR Cloud Computing Guidance
Irish Data Protection Commission Clarifies Its Role in Protecting Individuals’ Rights
The Irish Data Protection Commission (DPC) does not have any power to order an organization to pay compensation to an affected data subject.
In the case of administrative fines, any…
Continue Reading Irish Data Protection Commission Clarifies Its Role in Protecting Individuals’ Rights
Ireland Considering Probes of Online Companies’ Handling of Children’s Data
Ireland’s privacy regulator is weighing potential probes into how some online companies handle children’s data.
The Irish privacy office is “scoping” children’s privacy enforcement actions
“There will absolutely have to…
Continue Reading Ireland Considering Probes of Online Companies’ Handling of Children’s Data
Ireland, Poland Offer Guidance on Data Breach Response Under GDPR
The Irish Data Protection Commission and Polish Data Protection Authority have issued guidance on data breach notification under GDPR in which they address the following questions, and more:
- When do
…
Continue Reading Ireland, Poland Offer Guidance on Data Breach Response Under GDPR