Health Research Regulations

EU Representative under Article 27 GDPR

The GDPR requires organisations that are not based in the EU but that process personal data relating to people in the EU to appoint a representative in certain situations. The requirements, which we will explore below, have been catapulted to centre stage recently following a €525,000 fine which was imposed on the website “” by the Dutch DPA, because of their failure to comply with Article 27 and designate an EU Data Representative. So, it is important for organisations to consider whether they are required to appoint an EU representative. Who needs an EU Representative? It is necessary for an

Read More
Strand Advisory

Strand is targeting the future

We are delighted to announce that Pembroke Privacy has joined forces with some true leaders in data protection and cybersecurity to form Strand Advisory, a new data protection consulting firm with a global reach. Our clients can still benefit from our local expertise and relationships, while also gaining access to our global colleagues. We are very excited about this global expansion of our business. Our motto, “making the complex clear” remains an integral part of who we are, and we hope to share that in a global marketplace. Founded in Dublin, Ireland, Strand Advisory will deliver customized global consulting services

Read More

Data Privacy Day Kick Off

Our founder Kate Colleary joined the IAPP – International Association of Privacy Professionals President and CEO J. Trevor Hughes together with #privacypros from around the world for a chat via #LinkedInLive.

Read More

Should your organisation carry out a Data Protection Impact Assessment?

Under certain circumstances organisation are required to carry out a Data Protection Impact Assessment (DPIA). A DPIA is essentially a risk management process. It helps you identify, analyse and minimise the data protection risks of a project or new technology. If carried out at the start of a project it can help you embed data protection obligations into the project at an early stage, saving time and cost. Here are some pointers: Before anything else, you need to establish whether a DPIA is required in the first place. If a preliminary assessment concludes that a DPIA is mandatory, then the

Read More
Personal Data Transfer outside the EU

Post Schrems II decision – what to do next to manage data transfers outside the EU

Organisations that wish to transfer the personal data of Europeans to jurisdictions outside the EEA must use an appropriate transfer mechanism to transfer the data lawfully. For example, let’s take a company based in the US that provides accounting software to Customers in the EU. These EU Customers are likely to be Data Controllers as in they are responsible for the data they collect and process relating to their clients. The US company is likely to be a Data Processor in respect of the personal data transferred by those Customers. As the EU-based Customers are essentially transferring data from the

Read More

COVID – 19 in the Workplace – Employment and Data Protection

FAQ in Employment and Data Protection Employment Law firm, CC Solicitors, and data protection experts, Pembroke Privacy, have come together to provide urgent advice and support for our clients onemployment and data protection issues in the workplace arising from COVID – 19. This FAQ highlights some of the type of questions we have been recently asked. Table of contents What immediate steps should be taken? What should employers do when there is a suspected case of the virus? What if an employee cannot attend work because they have to self-isolate because of COVID – 19? The schools and childcare facilities

Read More

DPC Annual Report 2019 – Analysis and Commentary

This week (on 20 February 2020) the Data Protection Commission launched its annual report for 2019. The report highlights the activities of the Data Protection Commission (DPC) in the past year, the first full year since the GDPR commenced. Some highlights of interest include topics such as complaints made, Data Subject Access Requests, direct marketing activities, data breaches, statutory enquiries, cookies, consultations, Data Protection Officers, case studies and litigation. Some highlights and points to note on the report are as follows: Complaints A total of 7215 complaints were received by the DPC in 2019. Access Requests was the highest complaint-type

Read More

Preparing for International Data Protection Day 2020 – Dublin, Ireland

Last week was been a busy one, with privacy pros preparing for this week’s international Data Protection Day. Here in Dublin, we are looking forward to welcoming IAPP CEO J. Trevor Hughes to celebrate the most important day in the international privacy and data protection calendar. We are hoping Trevor will experience a true Irish “céad míle fáilte” (a hundred thousand welcomes). We have a packed schedule for this week, with meetings, lunches, dinners and podcasts planned. You can read more here.

Read More
luctus vel, dolor amet, in efficitur. quis, Aenean libero. consequat. tristique

Have a Question?

Ask below: