Wednesday 9 March 2022
Increased cyber-attack risk & criminal cyber activity
As Puzzel do not operate infrastructure in Russia or Ukraine, there is no direct threat to Puzzel’s operational, organisational, or technical infrastructure and assets. If the situation escalates further, Puzzel will be in a shared position with most vendors and markets facing a broad and potentially widespread conflict.
Ukraine is a major supplier of raw materials used to manufacture critical components for computers, cars and any appliance containing microchips. A medium to long term conflict will additionally increase the already challenging situation in the microchips supply. This may have a spillover effect affecting critical infrastructure (Cloud providers & hardware manufacturers) service levels.
Times of crisis may bring out the best in us, but it also has a way of bringing out the worst in some. There is an increased level of websites and services designed to profit from the conflict. Be extremely aware of phishing attempts, and make sure you critically evaluate the validity of any website or service in general, and specifically any service related to the Ukraine conflict.
Wednesday 30 June 2021
An adequacy decision between UK and EU is now in place, and personal data can continue to flow freely between EU (and EEA) and UK.
Monday 4 January 2021
The Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted, for no more than six months.
This will enable businesses and public bodies across all sectors to continue to freely receive data from the EU (and EEA). The UK has, on a transitional basis, deemed the EU and EEA EFTA States to be adequate to allow for data flows from the UK.
So, what does this mean for Puzzel and its customers?
There is another transition period for up to six months in which data can flow freely between UK and EU/EEA without additional measures in place.
In the agreement, the EU and UK both commit to uphold high standards of data protection. The agreement provides that, for an interim period of up to six months from 1 January 2021, a “transmission” of personal data from the EEA to the UK shall not be considered as a transfer to a third country under EU law.
The intention appears to be that the Schrems II requirements – to assess UK laws and ensure that transferred personal data is protected to a standard essentially equivalent to the EU GDPR – will not apply during the interim period, since they are only relevant for transfers to third countries.
Given that the GDPR will be brought into UK national law by virtue of the European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (“DPA 2018”), there is reason to hope that an adequacy decision may be achievable within this six-month interim period.
Puzzel will monitor the process going forward and implement necessary measures where applicable in case an adequacy decision is not achieved for the UK.