Data Protection News Roundup - September - iSTORM® Privacy - Security

Welcome to September’s edition of our Data Protection monthly news roundup. Read on to find out what’s new in the world of data protection, as well as updates on all things iSTORM.

Projects

August saw the continuation of several projects from the previous month, as well as a variety of new ones starting, including:

Full internal audit for an accountancy firm focusing on areas such as Training, Data Security and Access Rights including full review of all internal and external documents, policies and procedures.
RoPA support focusing on HR processing within a care provider environment.
Targeted audit on the DSAR process both Internal and External for a global publishing entity.
Support with SLi mobile apps focusing on targeted ads, along with discussions around Consent and LI as considered legal basis for processing in different countries.
Support with tracking cookies and Lookalike (LaL) marketing for a global security company.
Review of international data sharing agreements for multiple businesses.
Supporting a client with EMEIA Data Protection Directives and Guidance.
Controller/Processor RoPA amendments.

iSTORM are currently looking to the future for you, our clients, and for our continued growth. If you would like any more information on anything covered below, or you have a query, please reach out to us anytime!

News

EEU AI Act provisions come into effect

Provisions in the EU’s Artificial Intelligence Act are now in effect, meaning that general-purpose AI providers must now meet transparency and copyright compliance rules under Article 53, and if their models are deemed to pose systemic risk, adhere to additional safety and security requirements under Article 55. To help guide implementation, the European Commission released a voluntary Code of Practice, urging organisations to document training processes, lawfully source training data, embed security-by-design, and conduct risk assessments. Enforcement of these obligations will be overseen by the new European AI Office, with full compliance expected by August 2027 for existing models.

Source: PDP

Google Confirms major data breach

Google has confirmed a major data breach affecting up to 2.5 billion Gmail users, after the ShinyHunters group gained access to a corporate Salesforce CRM database through social engineering via voice-phishing tactics. While Google says the compromised data consisted only of basic, largely public contact details, and did not include passwords or data from Gmail, Drive, or Cloud, users have since been inundated with phishing and impersonation attempts, including scam calls, texts and emails. Authorities and experts strongly advise enabling multi-factor authentication (or passkeys), using Google’s Security Checkup or Advanced Protection Program.

Source: PDP

DSAR Support

Responding to Data Subject Access Requests (DSARs) can be time-consuming and legally sensitive, especially when internal. We can support in managing DSARs, ensuring responses are compliant, thorough, and delivered within the required timeframe. For complex cases, such as grievances, involving an independent DPO like iSTORM can be invaluable. It brings neutrality, reduces internal tensions, and ensures objectivity in handling sensitive data. Our experienced team understands the nuances of employment law and data protection, helping you avoid common issues and reputational risk. Whether you’re facing a routine request or a tricky one, we’re here to support you every step of the way.

Meet the Team…

Our friendly team of passionate Data Protection Specialists are here to help your team navigate your data protection challenges, and are happy to support you with all your queries.

We are really excited to welcome the newest member to our brilliant team of Data Protection Consultants! Kielee has a wide range of experience, working as a consultant for a high street building society for over 7 years and focusing on all aspects of account management.

Data Protection News Roundup – September