Cookies
ePrivacy
Last year I built a cookie check tool that implements a very simple check on whether a website is likely to be compliant with the guidance provided by the Data Protection Commission. (introduced in this blog post).
Since then over 500 sites have been added to the survey set and you can see from the trend chart above three has been some improvement in the grades as sites are improved. Some improvement, but still the majority of the sites achieve only a C grade.
Service
Data Subject Access Request
DSAR
Rights
SME
As a small business you may not expect many data subject access requests. Your may not collect large amounts of personal data from your customers and only process contact information to supply your products or service. How complex can it be to respond to the (perhaps very rare) data subject access request?
The Ask You and a customer have worked on a project with for a period of six months. During this time you collected personal data and correspondence through email, minuted meetings and project documents.
Cookies
ePrivacy
Data Protection
Websites
GDPR
A data controller or data processor is responsible for implementing appropriate technical and operation measures to secure the data for which they are accountable. When these data are stored or processed in a third country (one that is outside the EU/EEA) an international data transfer occurs. The GDPR has specific requirements for international data transfers set out in Chapter V (Articles 44 - 50).
In this blog post, I will discuss when an international data transfer occurs, why it might occur in your company and the GDPR controls required to ensure that these transfers are legitimate.
Cookies
ePrivacy
Data Protection
Websites
GDPR
Perhaps you have a “brochure site” and want to upgrade it or are developing your first website and want avail of the online trading voucher grant.
The data protection risks of a brochure site are minimal. A brochure site is like a flyer with some details and contact information that you leave in a public place hoping that someone interested in what you have to offer happens by, picks up the flyer and domain you.
Cookies
ePrivacy
data protection
web development
The DPC’s Cookie Guidance will have a big impact on web developers. Whether web development is part of your business or you contract the maintenance of your website you should understand these impacts.
In previous posts I have noted the importance of cookies and introduced the Cookie Check tool.
In this post I will focus on how this guidance will impact on companies who develop websites (whether their own or for clients) when enforcement starts on 5th October 2020.
Cookies
ePrivacy
The Cookie Check tool can evaluate if your site is likely to comply with the guidance provided by the Data Protection Commission.
The tool counts the number of cookies that are installed by your website before the cookie notice is acknowledged and based on the number of server and client cookies installed provides a grade in a range from A1 to C3.
While an A1 grade indicates that you are likely compliant it does not check compliance with guidance with respect to the cookie notice, policies or consent management operations and therefore provides no guarantee of compliance.
A visitor’s first experience of how you care for personal data is your cookie notice.
While the ePrivacy regulations govern cookies, they are subject to the consent model defined in the General Data Protection Regulation. The details in your cookie notice, the purposes of your cookies and how you collect consent for those cookies are part of the initial experience visitor have on a website. In these times, the digital front door is frequently the first step that a prospective customer takes in getting to know a new company.
data protection
outside
ePrivacy
What does your data protection posture look like to your employees, customers, and prospective customers? That is data protection from the outside.
A review of the outside edge of your data protection considers the points at which you may be collecting personal data. You can use the Data Protection at the Edge Survey to help identify where personal data is collected.
Premises CCTV cameras collect data as people come into view of the cameras.
Last week, after reviewing the DPIA and other documentation provided by the HSE, I installed the COVID Tracker Ireland app. On the weekend, I was out for dinner with my wife at the Red Torch Ginger in Maynooth. It was our first night out since the COVID lockdown started in March. This article describes how the COVID Tracker App works to aid contact tracing.
While I enjoyed a lovely meal with my wife, the COVID tracker app exchanged identities with any other devices within a two-metre range.
data protection
privacy
personal
laws
In 1980 the OECD published Privacy Guidelines. I was in school. Following the publication, the EC started its journey to regulate the privacy of personal data which culminated in the General Data Protection Regulation in 2016. I grew up, learned about the value of privacy to others (and myself), the value of the GDPR and the risks that it poses to small and medium countries.
Data Protection Programme
As part of the preparation to deliver a service you need to understand all the relationships involved and the part each plays in the service.
Data Protection Programme
A Data Protection Programme coordinates and controls all the activities required to meet the requirements of data protection legislation. It ensures that records of data processing are created and maintained and that the risks of data processing are identified, assessed, and appropriate actions agreed. The programme assures a regular review of the risks and tracks the performance of the plan.