Betrouwbare en eenvoudige privacy-naleving met geautomatiseerde transfer impact assessments

Jul 15, 2022 3:43:49 PM / by PrivacyPerfect posted in USA, GDPR Guideline, Data Transfer, International Data Transfer, EEA, DPIA, Data Processing Agreements, Data Protection Impact Assessments, SchremsII, TIA

Gegevens delen buiten de EU is sinds de gerechtelijke Schrems-II uitspraak een grotere uitdaging geworden. Organisaties zijn verplicht om Transfer Impact Assessments (TIA’s) uit te voeren om mogelijke risico’s van data-overdracht uit de EU naar andere landen te beoordelen. Dit was tot voor kort arbeidsintensief en foutgevoelig, maar dankzij onze samenwerking met het internationale advocatenkantoor DLA Piper kan het nu veel efficiënter en op gestandaardiseerde manier. De TIA-tool van DLA Piper, Transfer, is geïntegreerd in de PrivacyPerfect privacy-compliance SaaS-omgeving, en onderdeel van de assessment-module. 

Read More

Data protection starts with vendor risk management

Apr 21, 2022 2:50:49 PM / by PrivacyPerfect

Gain insight into your supplier ecosystem to easily identify and efficiently assess and mitigate third-party risks. Integrate Vendor Risk Management with your processing register and Data protection impact assessment. 

Read More

How to conduct a Data Protection Impact Assessment, why is it hard, and who can help you?

Feb 8, 2022 2:35:46 PM / by PrivacyPerfect

Conducting a DPIA is an important method to demonstrate accountability for all the personal data processings within your organisation. Though executing a DPIA is not an easy thing to do, it is according to the GDPR in case of a high risk processing, mandatory to perform. In this blog we will discuss in short the importance of a DPIA and how one should be performed. 

Read More

AP waarschuwt voor privacyrisico’s in het onderwijs - het onderwijs is aan zet

Dec 2, 2021 2:00:00 PM / by PrivacyPerfect

Begin november 2021 heeft de Autoriteit Persoonsgegevens (AP) een paper gepubliceerd waarin zij waarschuwt voor privacyrisico’s in het onderwijs. Volgens de AP digitaliseert het onderwijs, wat veel kansen maar ook risico’s met zich meebrengt. Hoewel de Algemene Verordening Gegevensbescherming (AVG) inmiddels zo’n 3 jaar geleden in werking is getreden, worstelen veel onderwijsinstellingen met het naleven van de AVG. Dat onderwijsinstellingen steeds verder digitaliseren maakt het voldoen aan de privacyregelgeving alleen maar ingewikkelder. Onderwijsinstellingen creëren bijvoorbeeld steeds meer datastromen met (gevoelige) informatie over leerlingen en studenten. De Vereniging van scholen in het voortgezet onderwijs (VO-raad) onderstreept deze bevindingen en benadrukt dat scholen voorzichtig dienen om te gaan met de persoonsgegevens van leerlingen, studenten en hun ouders. De bescherming van persoonsgegevens van kinderen is essentieel gezien hun kwetsbare positie. Echter liggen er ook datalekken op de loer wanneer men zoveel persoonsgegevens verwerkt. Helaas zijn er de afgelopen jaren tal van voorbeelden geweest waarin dit pijnlijk duidelijk werd. 

Read More

Exclusive: Interview with 'Take Back Your Privacy' foundation on their mass privacy claim against TikTok in the Netherlands

Jul 28, 2021 11:12:15 AM / by PrivacyPerfect

TikTok is facing a second mass claim in the Netherlands: the Take Back Your Privacy foundation
(TBYP) and the Consumentenbond laid down a damages claim of a staggering 1,5 billion euros. They
assert that TikTok is illegally collecting and trading children’s private information who are using the
social media platform. But what is the basis of the case, how is it progressing, and what can you as a
parent do to ensure your child's personal information remains private?


Interview with Friederike van der Jagt, Chairwoman of the Take Back Your Privacy foundation and
Damiën Berkhout, lawyer of the foundation and partner at Scott + Scott Attorneys at Law LLP.

Read More

As French automated audits of cookie consent rules continue, non-compliant websites face sanctions

Jul 1, 2021 2:07:35 PM / by PrivacyPerfect

Back in April 2021, we wrote that if your website is accessible in France (and hey, aren’t they all?), chances are website owners had to bring their cookie consent practices in line with new French rules or face the wrath of France's data protection supervisor, the Commission nationale de l'informatique et des libertés, (CNIL), which had automated audits to periodically analyze cookie deposit practices. 

Read More

The updated EDPB recommendations on supplementary measures - What’s needed for compliant transfers

Jun 24, 2021 4:53:48 PM / by PrivacyPerfect

The European Data Protection Board (EDPB) adopted, on 18 June 2021, the final version of its Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

The recommendations were first adopted for public consultation in November 2020, following the Cåourt of Justice of the European Union (CJEU) judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) (Schrems II) in which it invalidated the EU-US Privacy Shield, making EU-US data transfers using the PrivacyShield non-compliant overnight. The Court also subscribed additional supplementary measures for using possible replacement transfer mechanisms, making  the load on organisations even heavier. 

Read More

SCC and other news: Rapid developments for international transfers

Jun 17, 2021 5:00:16 PM / by PrivacyPerfect

The release of new standard contractual clauses (SCC) for safeguarding personal data being transferred out of the EU did not come as a surprise in data protection circles, but it certainly will be a lot of work to read through the documents and renegotiate current contracts with customers and suppliers.

Read More

What is Third-Party Risk Management

Jun 10, 2021 3:41:11 PM / by PrivacyPerfect

As businesses increase their use of outsourcing, organisations are entrusting more of their business processes to third-parties and business partners, so they can focus on what they do best. This means they must ensure these third-parties are managing both privacy and security well, or risk  business uncertainties, legal liabilities and reputational damage. The risk of cyber attacks and data breaches from third-party vendors must be identified and mitigated. 

Read More

When Do I Need a Data Processing Agreement?

May 6, 2021 5:52:10 PM / by PrivacyPerfect

A DPA is a written agreement between an organisation (‘data controller’) and a third-party organisation handling personal data for the controller (‘data processor’) that ensures that all processing tasks are carried out in accordance  with both the EU’s General Data Protection Regulation (‘GDPR’).

The processing of personal data is almost always an issue in commercial relationships, to a greater or lesser extent. But even more so when concerning IT solutions. IT is, after all, by its very nature used for automated processing of data and many of those data qualify as personal data. Information is considered ‘personal data’ if a party has the means to trace the data back to an identifiable individual. This can therefore be data about the organization's own employees as well as data about customers or prospects. 

Read More

    Lists by Topic

    see all
    harmas_Rajztábla 1-1
    Keep informed!
    Sign up to the Weekly GDPR Digest now.