Balancing the risks of Data Portability

Data portability refers to the right granted to individuals to access and transfer their personal data between services, as enshrined in modern data protection laws such as the GDPR. Advocates argue that data portability enhances consumer choice and fosters competition by making it easier to switch providers, thus reducing service provider lock-in. Just as number portability empowered consumers to switch mobile providers without losing their phone number, data portability allows users to move their digital history, preferences, and identity between digital services. However, these benefits come with significant risks. Poorly implemented systems and weak controls could allow fraudsters to impersonate users and extract sensitive data. Cybercriminals may spoof new extraction requests or intercept poorly secured transfers, turning a consumer-friendly right into a new attack vector. ...

Data Loss Prevention (DLP)

Data loss prevention (DLP) helps organisations protect sensitive information from loss, misuse, or unauthorised access. DLP is a strategy and set of tools designed to prevent sensitive information from leaving an organisation’s control or being accessed by unauthorised users. It works by identifying, monitoring, and protecting data in three states: when it’s being used, when it’s being transferred (such as over a network or email), and when it’s stored on devices or servers. DLP tools use content inspection and security analysis to achieve this. ...

Data Privacy

What is data privacy? Data privacy refers to the proper handling, processing, storage, and use of personal information to protect the confidentiality and integrity of individuals’ data. It ensures that personal information is not only secured, but also remains accurate and is only used for its intended purpose. Data privacy encompasses the policies, procedures and practices that organisations adopt to ensure personal data is collected, used, and shared in a lawful and transparent manner. These practices must comply with legal obligations such as GDPR and other applicable data protection laws, and must extend beyond the organisation itself to include third-party vendors such as data processors who may also be handling the data. ...

Data Subject

A data subject is an individual (natural person) whose personal data is collected, held, or processed by an organisation. Under GDPR and other related laws, data subjects have specific rights regarding their personal data, including the right to access, correct, and request the deletion of their data.

Further reading: Data Subject Definition in the GDPR act

Related pages: GDPR

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy.

Further reading: General Data Protection Regulation (GDPR) - GDPR Summary; EU General Data Protection Regulation (GDPR) - PCPD Hong Kong

Personal Data (Privacy Ordinance)

Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) is the primary law governing data protection in Hong Kong, outlining the rights and obligations related to the collection, use, and transfer of personal data. The Personal Data (Privacy) Ordinance is managed by the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong.

Further reading: The Personal Data (Privacy) Ordinance

Personal Information Protection Law (PIPL)

The Personal Information Protection Law (PIPL) is a data privacy law that governs the collection, use, and transfer of personal information within China. It was passed by the National People’s Congress and came into effect on November 1, 2021.

Further reading: Mainland’s Personal Information Protection Law (PCPD)

Related pages: Personal Data Privacy Ordinance

Schrems II

Further reading: Schrems II a summary – all you need to know; The CJEU judgment in the Schrems II case (European Parliament) (PDF); What is Schrems II and how does it affect your data protection in 2021? (Thales)

Related pages: US CLOUD Act

Transfer Impact Assessment (TIA)

Introduced after the Schrems II decision.

Further reading: Transfer Impact Assessment

Understanding the Data Controller's Role under GDPR

The EU and UK General Data Protection Regulation (GDPR) defines the role of the Data Controller, making them responsible for compliance and risk management under data protection laws. Understanding the data controller concept is essential to understanding organisational obligations and to managing data protection legal risk.

Defining the Data Controller

A Data Controller is an entity (natural or legal person, public authority, agency, or other body) that determines the purposes and means of processing personal data. Simply put, they decide why and how personal data is used. ...