What’s happened? Schrems strikes again. We’re all going to have to find new ways to protect transfers of data to the US – or stop doing it. The ECJ today invalidated the Privacy Shield framework that was cobbled together in 2015 after the ECJ struck down Safe Habour in response to the original lawsuit Max … Continue reading Privacy Shield is dead. Now what?
This is more of a reminder than anything else. I've already blogged about the risks of a hard Brexit from a data protection compliance perspective, and we've featured it in our October newsletter at Securys. But now the ICO has also said similar things, and the government is moving to "full hard-Brexit preparation". So it's … Continue reading Hard Brexit preparation
Here's another thing people are getting wrong. Just because your data isn't stored inside the EEA - wait, you thought it had to be inside the EU? wrong! - doesn't mean you should panic and repatriate it. What you need to do is check whether wherever you've put it has an adequacy decision. A what? … Continue reading Where’s your data? (Second reprise)