24 Mar

General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.

After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.

The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
As a regulation, it will not generally require transposition into Irish law (regulations have ‘direct effect’), so organisations involved in data processing of any sort need to be aware the regulation addresses them directly in terms of the obligations it imposes. The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
Raising awareness of the new law among organisations and the public will be a combined effort of the Data Protection Commissioner (DPC), the Government, practitioners, and industry and professional representative bodies. Over the course of 2017, the DPC will be proactively undertaking a wide range of initiatives to build awareness of the GDPR, in particular providing guidance to help organisations prepare for the new law which comes into force on 25 May 2018.
The DPC is also an active participant in the Article 29 Working Party (WP29) comprising representatives from each EU member state’s Data Protection authority. The WP29 has a central role in providing further explanatory and practical guidance on key provisions of the GDPR.
Guidance
The DPC has launched a GDPR-specific website www.GDPRandYou.ie with guidance to help individuals and organisations become more aware of their enhanced rights and responsibilities under the General Data Protection Regulation.
The DPC has also prepared an introductory document for organisations to help them as they transition to GDPR: “The GDPR and You”. This document lists 12 steps which organisations should take in order to be GDPR ready by 25 May 2018. It should be noted that the guide is not an exhaustive list and organisations should ensure that their preparations take account of all actions required to bring them into compliance with the new law.
For guidance on whether your organisation needs to appoint a Data Protection Officer, and how to ensure that your DPO is adequately resourced for the role, see the DPC’s Guidance on appropriate Qualifications for Data Protection Officers (GDPR).
24 Nov

Digital Security Certificates (SSL)

Trust is essential in today’s world wide web – even for non-ecommerce sites. Google and many others now recommend that all websites should have a security certificate, and they give priority to those sites that do.

Traditionally, users looked for secure web communications with banks and e-commerce sites, when entering credit card details or personal information. However, several initiatives led by industry and advocacy groups have encouraged the use of ‘HTTPS everywhere’ in recent years.

As the web has become more social, almost all web communication now involves the use of ‘personally identifiable information’ (PII) in some way – even when we’re not actually sharing financial information.

Any piece of compromised information, however small, can be used in ‘social engineering’ attacks to contribute to personation or fraud.

As a result, HTTPS is fast becoming the norm for all web communication, and digital certificates are now an essential requirement. Websites without SSL are increasingly at a disadvantage. Google already ranks such sites lower in search results, and they will soon begin flagging them in red, meaning ‘not secure’, in the Chrome web browser.