• All
  • Data Science
  • News
  • Privacy
  • Research Highlights
  • Security

Child sexual exploitation and child sexual abuse remain challenging issues for law enforcement and local authorities in the UK due to the hidden nature of these crimes. Risk assessments tools, which can be similar to questionnaires, enable the categorisation of cases as “low”, “moderate” or “high” risk and...

Research pilots play a critical role in the testing, validation, and evaluation of new technologies before they are pushed into the market. They act as a feasibility study showing technology developers, end-users, and evaluators what is and is not working so that modifications and/or additional...

The Council of Europe (CoE) in 2006 launched a Data Protection Day to be celebrated each year on 28th January, the date on which the CoE’s data protection convention, known as “Convention 108” was signed. The day, known as Data Protection Day in Europe, is...

To mark Data Protection Day, Trilateral has produced a special article that examines how the General Data Protection Regulation (GDPR) changes the rules for research. The GDPR adopts a “broad” definition of research, encompassing the activities of public and private entities alike (Recital 159). Research occupies...

While emergency medical care has a critical role in assisting casualties after security incidents, there are a number of challenges that the Emergency Medical System (EMS) needs to address. These challenges include: A fragmented chain of actors responding to security-related incidents A lack of communication...

For companies and individuals that work in the area of data privacy, it is fair to say that 2018 was the year of privacy. In May, Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the world's most stringent privacy law, came into effect. The...

During a major crisis that affects thousands of people in various areas, different organisations need to communicate with each other easily and make decisions quickly in order to save people’s lives. Currently, many civil protection operating systems are decentralised. Information exchange between organisations is limited as...

In this blog, Benjamin Falk, co-founder of Yo-Da, outlines the current market landscape for personal data and provides insights on how data protection law will drive enormous socioeconomic benefits, bringing Europe in the lead of the international race for artificial intelligence supremacy. I attended the GovTech Summit in...

The Data Protection Supervisory Authorities (DPAs) of 22 Member States of the European Union (EU), recently submitted draft lists to the European Data Protection Board (EDPB). These lists identified data processing activities likely to result in a high risk to the rights and freedoms of...

In their November 2018 plenary meeting, the European Data Protection Board (EDPB) adopted a set of guidelines on the territorial scope of application of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR). Article 3 GDPR, which regulates the matter, surprised subject matters experts for its potential reach,...

In this blog, Toby Fenton, Research Analyst at Trilateral Research, analyses the concept of risk and our approach in developing risk assessment methodologies in the project Solebay. Risk is an inherent part of life. We often talk of ‘risky’ behaviour, ‘taking risks’ and being ‘risk adverse’,...

We are delighted to announce that Trilateral Research has been designated to serve as the Data Protection Officer for the Wise Group, a leading social enterprise, which transforms people’s lives across Scotland and North East England. As DPO, Trilateral will assist the Wise Group on creating...

The development of new powerful technologies based on Artificial Intelligence and Big Data opens new opportunities but also gives rise to many concerns on the unintended consequences and their possible misuses to harm rather than make our society a better place. We have started looking at...

One of our core areas of expertise at Trilateral is understanding and anticipating the impacts of new technologies and their social, ethical, legal and political impacts in particular. We've been exploring the impact of new technologies at different scales. Developing an understanding of the impacts of...

We are pleased to announce that Trilateral Research has been designated to serve as the Data Protection Officer for the Housing Agency in Ireland. Trilateral Research DPO service grows out of our pioneering work in safeguarding privacy and the protection of personal data within the public...

Trilateral Research is one of 18 consortium partners from eight countries that have developed over the past three years a community policing technical solution to strengthen collaboration between the police and the community as part of the EC project INSPEC2T. Community policing (referred to as neighbourhood...

What is data protection by design exactly? The basic idea is that consideration of the impact of any processing activities when developing a new product, technology or service should be taken into account and from the onset and through the lifecycle of the product. Security...

With more than 70,000 attendees over a four-day period, the Web Summit in Lisbon brought together politicians, technologists, and NGOs to think together, exchange views and set priorities about the global technological agenda. With more than 70 dedicated discussions and panels, AI was one of the...

While organised crime and terrorist groups are often at the forefront of technological innovation for planning, executing and concealing their criminal activities, law enforcement agencies (LEAs) often lag behind. LEAs are therefore in need of new policing technologies to identify, understand and counteract new threats...

The potential impact of AI and robotics technologies on society is immense. Such technologies carry great promise. For example, they can facilitate efficiency by freeing up time spent on menial or repetitive tasks. These technologies can also complement and improve human productivity and open up new...

As defined in the oath of allegiance taken by members of the British Armed Forces upon attestation, the UK military’s defining purpose is to ‘faithfully defend her Majesty, her heirs and successors in person, crown and dignity against all enemies’. Since the 17thCentury, the military has...

Trilateral Research is a partner in the EU-funded research project DEVELOP: Developing careers through social networks and transversal competencies. The aim of the project is to build a software tool that will help employees plan their career development and get feedback on their competencies and skills,...

Whereas much attention has been paid to the radical changes brought by Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and its aim to enhance and uniform the data protection legislation across Member States, very few words have been spent on national derogations and...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)