It is over a year now since the General Data Protection Regulation (GDPR) came into force throughout the EU and the STAR II project has also been designed to understand how small and medium enterprises (SMEs) have experienced the GDPR during this period. To find out...

The new world economy relies on data-driven technologies and systems. Data is knowledge and innovation, ensuring scientific progress. There is a strong debate on whether the new General Data Protection Regulation (GDPR) constitutes an enabler or hindrance for scientific research. Although the focus has been...

Data Protection Authorities including the ICO and the Irish Data Protection Commission have recently released updated cookie guidance and CNIL, the French Data Protection Authority, have released updated guidelines, repealing their 2013 guidelines which suggested that a valid form of consent to cookies included the...

In a historic move, the Danish Data Protection Authority, Datatilsynet has recommended its first fine under the GDPR regime for taxi company Taxa4x35 for its failure to adhere to principles of data minimisation and a failure to properly anonymise personal data. Organisations who wish to avoid...

A recent editorial (March 2019) and article (Jan 2019) in the British Medical Journal have focused on how medical mobile apps, currently a booming market, routinely share users’ data. Given the purpose of these mobile applications and the fact that their use is sometimes suggested to patients...

Due to their manoeuvrability, varying designs and sizes, as well as the vast array of hardware and software capabilities they could be equipped with, drones have found widespread applications in fields spanning cinematography, insurance valuations, construction project planning, real estate sales and infrastructure inspections among...

Many organisations have already recognised the need to appoint specialist personnel to ensure they are meeting their obligations in relation to the protection of personal data. For example, the General Data Protection Regulation (GDPR) requires many types of organisations to appoint a Data Protection Officer...

The General Data Protection Regulation (GDPR) creates a new role called a Data Protection Officer which assists a data controller or processor to monitor their internal compliance. Although not every organisation requires a Data Protection Officer (DPO), the GDPR provides that the DPO may be an...

The Council of Europe (CoE) in 2006 launched a Data Protection Day to be celebrated each year on 28th January, the date on which the CoE’s data protection convention, known as “Convention 108” was signed. The day, known as Data Protection Day in Europe, is...

To mark Data Protection Day, Trilateral has produced a special article that examines how the General Data Protection Regulation (GDPR) changes the rules for research. The GDPR adopts a “broad” definition of research, encompassing the activities of public and private entities alike (Recital 159). Research occupies...

For companies and individuals that work in the area of data privacy, it is fair to say that 2018 was the year of privacy. In May, Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the world's most stringent privacy law, came into effect. The...

In this blog, Benjamin Falk, co-founder of Yo-Da, outlines the current market landscape for personal data and provides insights on how data protection law will drive enormous socioeconomic benefits, bringing Europe in the lead of the international race for artificial intelligence supremacy. I attended the GovTech Summit in...

The Data Protection Supervisory Authorities (DPAs) of 22 Member States of the European Union (EU), recently submitted draft lists to the European Data Protection Board (EDPB). These lists identified data processing activities likely to result in a high risk to the rights and freedoms of...

In their November 2018 plenary meeting, the European Data Protection Board (EDPB) adopted a set of guidelines on the territorial scope of application of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR). Article 3 GDPR, which regulates the matter, surprised subject matters experts for its potential reach,...

We are delighted to announce that Trilateral Research has been designated to serve as the Data Protection Officer for the Wise Group, a leading social enterprise, which transforms people’s lives across Scotland and North East England. As DPO, Trilateral will assist the Wise Group on creating...

We are pleased to announce that Trilateral Research has been designated to serve as the Data Protection Officer for the Housing Agency in Ireland. Trilateral Research DPO service grows out of our pioneering work in safeguarding privacy and the protection of personal data within the public...

What is data protection by design exactly? The basic idea is that consideration of the impact of any processing activities when developing a new product, technology or service should be taken into account and from the onset and through the lifecycle of the product. Security...

Whereas much attention has been paid to the radical changes brought by Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and its aim to enhance and uniform the data protection legislation across Member States, very few words have been spent on national derogations and...

Anonymisation and data-erasure requests: a perfect solution or a dangerous false friend? With the GDPR now fully applicable, data subjects are entitled to exercise a number of new rights over their personal data undergoing processing by organisations. They are able to demand that – in certain...

Following the latest advancements in the digital economy, technology and science, it has become clear that personal data is the new oil. Regulation (EU) 2016/679 (GDPR) is the response to technological challenges. It aims to empower data subjects and ensure uniformity among Member States. This...

The ICO report on the investigation into the use of data analytics in political campaigns  In July, the Information Commissioner’s Office (ICO) published a progress report on its ongoing investigation into the use of people’s personal data to influence political opinion. This forms part of a...

The use of Virtual Reality has expanded from gaming scenarios to less recreational immersive experiences including education, news reporting, advertising and training.  Three key areas where VR is being considered for experimentation and implementation are: Education, Museums Cultural heritage However, the use of these systems may...

We are pleased to announce that Trilateral Research has been recently appointed as the Data Protection Officer (DPO) for the University of Cambridge Group, which includes the University of Cambridge, Cambridge University Press, and Cambridge Assessment. ‘We have engaged Trilateral Research as part of our drive...

Over the past few months, a considerable amount of news addressed the questionable practices adopted by some organisations to allegedly comply with the General Data Protection Regulation (GDPR). Some of these practices also led regulatory authorities to issue fines to ensure that a simple and...

A recent news story from BBC news has highlighted the importance of ensuring all organisations have a full-scale data security policy. When many organisations think of data security, they think of cyber-security and preventing malicious attacks. However, ensuring your policy includes provisions for physical security...

The Information Commissioner’s Office (“ICO”) has recently published its annual report for the 2017-2018 period, outlining the work it has undertaken over the past year (1 April 2017-31 March 2018). The report includes some interesting facts and figures relevant to organisations, especially public sector organisations,...

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.