Bird & Bird Guide to the General Data Protection Regulation

Bird & Bird guide to the General Data Protection Regulation by Bird & Bird

The changes which are to be ushered in by the GDPR from Friday 25 May 2018 are substantial and ambitious. The Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and concepts to be introduced such as the ‘right to be forgotten’, data portability, data breach notification and accountability (to call out only a few) will take some getting used to. Even its legal medium - a regulation not a directive - makes the GDPR an unusual piece of legislation for data protection lawyers to analyse.

This guide seeks to summarise the key changes that the new law will bring and to highlight the most important actions which organisations should take in preparing to comply with it.

IANAL. Bird & Bird are.

Software Development and GDPR

Software Development and GDPR by OISIN HURLEY

Are you in control of the presence of data in your database? Yes. It’s up to you to delete it when requested. Are you in control of the data on your hard drive? Yes. It’s up to you to delete it when requested. Are you in control of the operating system implementation or database implementation of deletion? No. Could you get the data back if you wanted to? Yes – but that’s not part of your usual run of business, so why would you explicitly do that? What if some bad dude steals your hard drive and then rummages through it? Ok, we are getting a little far-fetched here for most businesses that are not keeping special category data, but if this does happen, then you have failed in your security controls.

GDPR vs CCPA

GDPR’s First 150 Days Impact on the U.S.

Both CCPA and GDPR share very similar frameworks. CCPA gives California residents certain rights on how their personal data can be stored, accessed, sold and deleted. Each is on par with GDPR rules.

However, there are a few differences, the most significant being that GDPR requires users to opt-in for personal data collection, while the CCPA offers CA residents an opt-out mechanism for having their data collected. In other words, the CCPA allows websites to initially collect your information when users sign up, while the GDPR requires a user’s consent explicitly before gathering any information.

I am disappointed with this. I think this is politicians appearing to care about privacy but bowing to industry pressure. I can't imagine that Google and Facebook et al. really want any regulation in the USA that impacts their ability to collect user data.