Just to quickly reiterate, if the internal DPO is already overseeing, managing or directing a specific department, appointing him/her as a DPO is asking for trouble – it may lead to heavy fines as it is a conflict of interest according to GDPR guidelines.
United Kingdom Articles
Data Retention Policy Vital for Privacy Compliance.
Today’s organizations describe their data retention policy as a key element in their data privacy strategy. Industry sectors, whether healthcare,...
GDPR: The Critical Role of Third-Party Due Diligence
Third-party data breaches pose a significant risk to a company’s reputation. Consider these findings from a survey of 7,500 consumers in France, Germany, Italy, the U.K., and the U.S.:
The Legitimate Interest Assessment LIA: Essential Guide for Data Protection Compliance
An LIA is used to determine if an organisation can process data using the legitimate interest lawful basis. This article explains what lawful bases are under GDPR, and how to complete a legitimate interest assessment (LIA).
The Dangers of Sensitive Personal Data Exposure for Businesses:
As the name suggests, personal sensitive data contains data of the highest sensitivity level to the data subject. It includes personal and sensitive information that cannot be disclosed without the data subject’s consent.
Ransomware Attacks The new Big Threat Data Theft
The costs begin to accelerate as the attack progresses. Suppose you are lucky and have cyber protection insurance. In that case, your insurers will need to know the full extent of the breach, often calling expensive third parties to help with the exercise.
How to Achieve Compliance with GDPR Article 30
Although not required for all organisations, we recommend all organisations maintain a living ROPA record because it makes it easier to comply with GDPR.
Global Data Privacy Compliance Staying Ahead of the Curve
As per the GDPR, organizations need to establish a structured and thorough approach to ensuring compliance. This requires that security and privacy policies be developed and communicated by data subjects and documented in formalized processes,
GDPR Accountability Principle: A Core Pillar of Compliance
The accountability principle is also in Article 24, which requires controllers to “implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”
Ensuring GDPR Compliance: Managing Data Subject Access Requests (DSARs)
Introduction In the wake of the General Data Protection Regulation (GDPR), individuals have more control than ever over the personal data companies...
The CIA Triad: Confidentiality, Integrity, Availability
Risk assessment is the process of identifying the impact an event could have on an organization’s assets.
New Standard Contractual Clauses approved by the EDPB
The new clauses came into effect on June 27, 2021. However, organizations are allowed to continue under the existing SCCs for their existing data transfers until September 27, 2021, after which the new SCCs must be implemented for all new data transfers.