Reviewing the core principles of the GDPR

More than three years after the General Data Protection Regulation was introduced, this article revisits the principles that are fundamental to the GDPR and should be embedded in the privacy policies and practices of every organisation. The principles that lie at the core of the GDPR originate largely from the Data Protection Directive (95/46/EC) and, […]

How Your Company Can Use Privacy as a Competitive Advantage

Many companies view GDPR compliance as a necessary evil rather than an opportunity to improve business models and customer experiences. This article takes a closer look at some of the benefits your organisation can gain from using privacy as a key differentiator in your market. Firstly, it’s essential to understand the scope of the General […]

The Fundamentals of Processing Children’s Data

Every person, no matter their age, has the right to have their personal information protected and used only in a fair and lawful manner. As children may be less aware of their rights, as well as the risks, associated with the processing of their personal data, the General Data Protection Regulation (GDPR) considers children to […]

Appointing a DPO – in-house, external or DPO support. What is best for your organisation?

The GDPR requires certain organisations to appoint a Data Protection Officer (DPO). This includes public bodies, organisations that conduct regular, large-scale and systematic monitoring of individuals and those that process special categories of personal data on a large scale. While the role of a modern DPO is multi-dimensional, their core responsibility is to help an […]

5 Ways to guard against a ransomware attack

On 14 May 2021, Ireland’s Health Service Executive (HSE) suffered a major ransomware attack and was forced to shut down all its IT systems, nationwide. This sophisticated, financially-motivated attack – which has been called the most ‘significant’ cybercrime attempt against an Irish state agency1 – brought diagnostic services, COVID-19 testing and other critical activities to […]

EU Representative under Article 27 GDPR

The GDPR requires organisations that are not based in the EU but that process personal data relating to people in the EU to appoint a representative in certain situations. The requirements, which we will explore below, have been catapulted to centre stage recently following a €525,000 fine which was imposed on the website “Locatefamily.com” by […]

Strand is targeting the future

We are delighted to announce that Pembroke Privacy has joined forces with some true leaders in data protection and cybersecurity to form Strand Advisory, a new data protection consulting firm with a global reach. Our clients can still benefit from our local expertise and relationships, while also gaining access to our global colleagues. We are […]

Data Privacy Day Kick Off

Our founder Kate Colleary joined the IAPP – International Association of Privacy Professionals President and CEO J. Trevor Hughes together with #privacypros from around the world for a chat via #LinkedInLive.

Should your organisation carry out a Data Protection Impact Assessment?

Under certain circumstances organisation are required to carry out a Data Protection Impact Assessment (DPIA). A DPIA is essentially a risk management process. It helps you identify, analyse and minimise the data protection risks of a project or new technology. If carried out at the start of a project it can help you embed data […]

Post Schrems II decision – what to do next to manage data transfers outside the EU

Organisations that wish to transfer the personal data of Europeans to jurisdictions outside the EEA must use an appropriate transfer mechanism to transfer the data lawfully. For example, let’s take a company based in the US that provides accounting software to Customers in the EU. These EU Customers are likely to be Data Controllers as […]