GDPR in Companies

How Your Company Can Use Privacy as a Competitive Advantage

Many companies view GDPR compliance as a necessary evil rather than an opportunity to improve business models and customer experiences. This article takes a closer look at some of the benefits your organisation can gain from using privacy as a key differentiator in your market. Firstly, it’s essential to understand the scope of the General Data Protection Regulation (GDPR). Implemented by the EU in 2018, the GDPR applies to all organisations processing data from people within the EU. Therefore, companies based anywhere in the world can fall within scope of the GDPR. Being conscious of the consequences of non-compliance is


The Fundamentals of Processing Children’s Data

Every person, no matter their age, has the right to have their personal information protected and used only in a fair and lawful manner. As children may be less aware of their rights, as well as the risks associated with the processing of their personal data, the General Data Protection Regulation (GDPR) considers children to be vulnerable data subjects – and thus gives them specific protection in this regard. In late 2020, the Data Protection Commissioner (DPC) published a comprehensive draft guidance document entitled ‘Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing’. Following


Appointing a DPO – in-house, external or DPO support. What is best for your organisation?

The GDPR requires certain organisations to appoint a Data Protection Officer (DPO). This includes public bodies, organisations that conduct regular, large-scale and systematic monitoring of individuals and those that process special categories of personal data on a large scale. While the role of a modern DPO is multi-dimensional, their core responsibility is to help an organisation demonstrate compliance with the GDPR and other data protection laws. Even in instances where an organisation is not legally required to appoint a DPO, it can be advantageous to do so. Appointing a DPO is an excellent way for organisations to ensure that the


5 Ways to guard against a ransomware attack

On 14 May 2021, Ireland’s Health Service Executive (HSE) suffered a major ransomware attack and was forced to shut down all its IT systems, nationwide. This sophisticated, financially-motivated attack – which has been called the most ‘significant’ cybercrime attempt against an Irish state agency – brought diagnostic services, COVID-19 testing and other critical activities to a halt. While progress has been made in restoring and rebooting systems, a significant disruption to everyday services is still ongoing. This event highlights the fact that ransomware attacks are becoming more pervasive, sophisticated and destructive. While most organisations understand the need for a sound

Health Research Regulations

EU Representative under Article 27 GDPR

The GDPR requires organisations that are not based in the EU but that process personal data relating to people in the EU to appoint a representative in certain situations. The requirements, which we will explore below, have been catapulted to centre stage recently following a €525,000 fine which was imposed on the website “” by the Dutch DPA, because of their failure to comply with Article 27 and designate an EU Data Representative. So, it is important for organisations to consider whether they are required to appoint an EU representative. Who needs an EU Representative? It is necessary for an

Strand Advisory

Strand is targeting the future

We are delighted to announce that Pembroke Privacy has joined forces with some true leaders in data protection and cybersecurity to form Strand Advisory, a new data protection consulting firm with a global reach. Our clients can still benefit from our local expertise and relationships, while also gaining access to our global colleagues. We are very excited about this global expansion of our business. Our motto, “making the complex clear” remains an integral part of who we are, and we hope to share that in a global marketplace. Founded in Dublin, Ireland, Strand Advisory will deliver customized global consulting services


Data Privacy Day Kick Off

Our founder Kate Colleary joined the IAPP – International Association of Privacy Professionals President and CEO J. Trevor Hughes together with #privacypros from around the world for a chat via #LinkedInLive.


Should your organisation carry out a Data Protection Impact Assessment?

Under certain circumstances, organisations are required to carry out a Data Protection Impact Assessment (DPIA). A DPIA is essentially a risk management process. It helps you identify, analyse and minimise the data protection risks of a project or new technology. If carried out at the start of a project it can help you embed data protection obligations into the project at an early stage, saving time and cost. Here are some pointers: Before anything else, you need to establish whether a DPIA is required in the first place. If a preliminary assessment concludes that a DPIA is mandatory, then the

Personal Data Transfer outside the EU

Post Schrems II decision – what to do next to manage data transfers outside the EU

Organisations that wish to transfer the personal data of Europeans to jurisdictions outside the EEA must use an appropriate transfer mechanism to transfer the data lawfully. For example, let’s take a company based in the US that provides accounting software to customers in the EU. These EU customers are likely to be Data Controllers, in that they are responsible for the data they collect and process relating to their clients. The US company is likely to be a Data Processor in respect of the personal data transferred by those customers. As the EU-based customers are essentially transferring data from the

