Cybersecurity continues to be challenged and receives indisputable attention with the evolving digital transformation.   According to the 2022 Ponemon Institute report on the state of cybersecurity, 54% of organisations have experienced a cyberattack in the last 12 months. While many surveys state the increasing incidence of Ransomware and Distributed Denial of Service (DDoS) attacks [...]

On the 13 December 2022 the European (EU) Commission released its draft adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision follows the signature of a US Executive Order by President Biden on the 7th October 2022 in which the US government made several commitments to implement new binding safeguards to address [...]

Looking back over 2022, HewardMills has continued to consistently set the standard on data protection and privacy, championing best practice and working hand in hand with our global clients to identify and address data protection and privacy gaps.    Fines  Over the course of the year, we have seen data privacy and protection hit the [...]

Last month, we joined celebrations at the Natural History Museum as B Corp reached the momentous milestone of 1000 UK certified corporations; with HewardMills being one of the latest to proudly join the community. At the heart of the event was the opportunity to connect and celebrate with other B Corp organisations whose collective [...]

Discord, a popular voice over IP communication platform was fined 800 000 euros by French CNIL over GDPR violations in regard of data retention periods and personal data security. CNIL (Commission Nationale de l'Informatique et des Libertes) a French public authority conducted Investigations which led to discovery of 5 GDPR violations including:  1. Failure to [...]

The UK General Data Protection Regulations (GDPR) contains guidance and rules regarding transfers of personal data to recipients located outside the UK, these are known as restricted transfers. In order to comply with the GDPR, Article 46 of the GDPR details the "appropriate safeguards" that should be implemented for restricted transfers. Examples of such [...]

The European Commission’s proposed Artificial Intelligence (AI) Act attempts to regulate a wide range of AI applications, aligning them with EU (European Union) values and fundamental rights through a risk-based approach.  The AI Act focuses on four specific types of use or practice for an AI system:  Prohibited AI practices and systems, such as [...]

Standard Contractual Clauses (SCCs) are a key mechanism by which organisations can transfer personally identifiable data to/from countries outside European Economic Area (EEA). This mechanism is particularly relevant for countries that have not received an adequacy decision by the European Commission. Usually, countries outside the EEA are referred to as “Third Countries”.  SCCs are [...]

Introduction  In April 2017, the European Data Protection Board (EDPB) endorsed the Article 29 Working Party’s Guidelines for identifying a controller or processor’s lead supervisory authority. The EDPB noted that further clarification in these Guidelines was required, especially in relation to the main establishment in the context of joint controllership. Recent weeks have seen updates [...]

Clearview AI, a privately owned company based in the US, has been involved in many suits in the last couple years that highlight the maturing of global data protection laws, as well as the advancement of biometric information identification technologies. Clearview has the largest known database of over 30 billion facial images. Its website [...]