
    THE PRIVACYPERFECT BLOG

    How to gain C-level support for your compliance efforts

    Apr 2, 2020 9:00:00 AM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Controller, Reputation under GDPR, GDPR Reputation, gdpr2020, data minimisation

    The role of the Data Protection Officer (DPO) is one that’s often met with mounting pressure and increasing challenges due to the complexity of regulations, a heavy workload, and dependency on the support of other departments. The GDPR also emphasises the importance of the role the DPO has in major business decisions, since these need to be aligned with the regulation and the organisation’s data protection strategy in order to maintain compliance. With so much going on, getting the right tools, resources, and support from top levels is absolutely essential for this role. At the same time, DPOs are often faced with reluctance, and sometimes struggle to gain additional support from C-level management. In this blog post, we provide tangible advice on getting this support.

    GDPR Easy Read: Are CISOs facing even more challenges?

    Mar 31, 2020 3:13:51 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Protection, ciso, GDPR Easy Read

    As a Chief Information Security Officer, you hold a vital role in protecting your organisation's most valuable data as well as its reputation. With experts suggesting that the number of cyberattacks and data breaches will increase in the upcoming years, your role as a CISO could prove even more decisive. Recent reports have suggested that, under the ever-growing pressure CISOs are met with, many are bridging cybersecurity and data privacy.

    This includes keeping up with the EU's GDPR and the numerous obligations it provides. As you continue to establish your organisation's visions, strategies and programs to ensure information assets are properly protected, how are you bridging data privacy compliance with cybersecurity? 

    Are you a Non-EU company? Eight things to know about the obligation to appoint an EU (GDPR) representative

    Mar 26, 2020 4:21:34 PM / by Privacy Minders

    A significant part of the non-EU companies (controllers and processors established outside the EU) to which the EU General Data Protection Regulation (GDPR) extends its applicability may still be unaware that, in addition to their obligation to comply with the GDPR, they must also appoint an EU Representative. It is of the utmost importance that the obligation to appoint an EU Representative receives the required attention, as failing to do so is itself a straightforward violation of the GDPR. The concept of the Representative was introduced with the aim of facilitating liaison with, and ensuring effective enforcement of the GDPR against, non-EU companies that need to comply with the GDPR.

    All you need to know about Data Processing Agreements

    Mar 19, 2020 4:04:37 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Protection, DPO, Data Protection Officer, GDPR Controller, GDPR Processor, GDPR Reputation, gdpr, DPA, gdpr2020

    One way or another, almost all organisations rely on third parties for processing personal data in today’s digital world, creating a direct need for data processing agreements (DPA). Even the tools that are considered to be the basic necessities in business, such as email clients, CMS systems, data storage servers, or website analytics, all process personal data on behalf of organisations. With the introduction of the GDPR, there are strict requirements and guidelines on how this can be done in a compliant manner, through signed DPAs between the organisation (the data controller) and any party that acts as a data processor on their behalf. But what are Data Processing Agreements (DPAs), are they really necessary for you, what do they look like, and who needs to be involved from within your organisation? 

    Opportunities Abound In Law Firm GDPR Compliance

    Mar 17, 2020 11:08:09 AM / by PrivacyPerfect posted in law firms, legal services

    Twenty-one months have passed since the implementation of the GDPR.  The desperate flurry of data mapping, consent gaining, and compliance training is but a distant memory, obscured behind the day-to-day pressures of billings, client demands, and other regulatory procedures. Yet, there is no escape from the fourth industrial revolution. The speed at which technology is blurring the lines between the physical, digital, and biological spheres is without precedent.  Every single industry and the lives of all people are being impacted. 

    Guidance on the GDPR for higher educational institutes

    Mar 12, 2020 2:15:10 PM / by PrivacyPerfect

    Educational institutions collect vast amounts of personal data from students and staff. Generally, this data falls in the category of regular personal data, such as names, email addresses, and physical addresses. On the other hand, sensitive personal data, such as health information, financial information, legal guardianship contact details, and disciplinary records, is also often required. Given the huge quantity and high sensitivity of personal data collected, compliance with the GDPR will have to be a very conscious investment for higher educational institutions in terms of time, resources, and tooling. Below is everything you need to know about how the GDPR affects higher education institutions specifically, and how these organisations can start off towards compliance.

    How to overcome the challenges of responding to DSARs

    Mar 5, 2020 3:43:52 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Reputation, gdpr, Netherlands, gdpr2020, DSAR

    Since the enforcement of the GDPR back in May 2018, organisations that process personal data within the EU & EEA are obligated to respond to a Data Subject Access Request (DSAR). DSARs are not new; however, the GDPR enforced a new set of rules for the process. For instance, organisations today are required to respond within 30 days of receiving a request. The tight time-frame and the process itself often pose challenges for organisations when responding to DSARs.

    How to find the right DPO for your organisation?

    Feb 27, 2020 3:13:20 PM / by PrivacyPerfect

    The GDPR provides clear criteria that organisations should take into account when wanting to appoint a Data Protection Officer for their compliance efforts. However, besides the right qualifications, organisations also need to be able to identify what the ‘right’ DPO means for them. For instance, some companies might not have the capacity to appoint someone full-time for data protection, and might find that alternatives such as resorting to external DPO service providers or training existing employees to take up the role are a better fit for them. Other organisations might not even be required to appoint one. In order to determine what the case is for your organisation, you will first need to have a clear understanding of the requirements set out by the GDPR, and then take into consideration the best practices described in this blog post, to see what’s best for your organisation specifically.

    How can organisations create the perfect privacy statement?

    Feb 20, 2020 5:31:59 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Compliance, Data Security, Personal Data, GDPR Controller, gdpr2020

    The GDPR highlights that data subjects need to be given the right to be informed about the gathering and the use of their personal data. Organisations are encouraged to fulfill this obligation through a privacy statement that informs individuals in a clear and easily understandable manner on how their personal data is gathered and processed by the organisation. At the same time, organisations often find it challenging to create the perfect privacy statement, as narrowing down a huge variety of complex legal information is not a task for the faint-hearted. Furthermore, with the enforcement of the GDPR, previous privacy statements also had to be readjusted. So, what do organisations need to keep in mind for creating the perfect privacy statement, and what benefits does having one hold, besides compliance?

    What benefits and opportunities does data minimisation hold for businesses?

    Feb 19, 2020 12:54:25 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Breach, GDPR For Tech Companies, gdpr, gdpr2020, data minimisation

    Back when the GDPR was still within the adaptation phase, data-driven organisations and public bodies that process personal data on a large scale found the new obligation of data minimisation to be a rather vague obstacle. The GDPR states that personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed, but this concept still often poses challenges for some firms. At the same time, data-driven organisations continue to process and gather personal data on a large scale, where data minimisation could prove that ‘bigger’ might not necessarily always mean ‘better’: more than a year after the EU privacy regulation’s enforcement, we have now learned that data minimisation actually holds several benefits for organisations that decide to embed it into their practices. Before we start looking into what data minimisation can look like in practice, let’s take a look at what this concept entails exactly according to the GDPR.