GDPR Right to Portability – submission to Article 29 Working Party

ABSTRACT: must Controllers inform processors of the legal bases of processing? Prima facie no: but from a legal and business-strategic... read more

The Three Knights are riding to the rescue! Or... is it.. the Three Stooges, or perhaps Sanchos, tilting at the windmills... read more

Abstract: (1) The GDPR arguably, either directly or indirectly, could engage in a relatively straightforward fashion circa 30 jurisdictions apart from... read more

ABSTRACT: Each of the Article 6(1) bases interacts with other Articles and other laws in different ways, and have different... read more

SR Submission to WP29 - 16-EN wp243 DRAFT DPO Guidance read more

ABSTRACT: Supervisors are interested in GDPR risks. Financial regulators are interested in financial risks. Often the latter may be derivative... read more

IP addresses can determine jurisdiction - as classically exploited by private and public surveillance agencies, BigTech, other data brokers,  and... read more

ABSTRACT: A list of current and future "how-to" posts on practical enterprise-specific GDPR compliance using public domain objects, with optional... read more

Abstract: Simple methods to inoculate data protection (or any other) multi-jurisdictional software from Brexit and similar events, before their possibility... read more

"Data breaches... Armageddon..." - Morrisons v Various Claimants, [2018] EWCA Civ 2339 at para 78. Caveat: I confess at the outset... read more