Malcolm Dowden

In January 2022, the President of the Personal Data Protection Office (“DPDO”) of Poland fined both a data controller and a processor for their failure to implement appropriate technical and organisational measures to ensure the security of personal data. In particular, the data controller failed to exercise its GDPR right to audit and inspect

Ransomware and DDoS attacks are costly to the organisations that fall victim to them, in terms of reputational damage, the cost of picking up the pieces, potential enforcement by the ICO and compensation claims by data subjects.

On 25 March the US and EU announced “agreement in principle” on a new legal framework for GDPR-compliant transfers of EU personal data to the United States. The agreement reflects US commitment to implementing new safeguards designed to address concerns that led to the July 2020 Schrems II decision of the European Court of Justice