There’s a pile of cookbooks on your desk. It’s approximately a meter high. It’s full of wonderful and complex recipes for all kinds of different cakes. They are written by the most famous patissiers of the continent. The problem is that you not only have to read all the recipes, but also have to compile them into one consistent new recipe for a cake that does justice to the tradition of all these famous patissiers. What do you do?
Facial recognition is yet another exciting new technology that awaits its wider introduction in Europe. There are already various applications in the European Union, such as passport identification at airports, policing, and name tagging on social media platforms, such as Facebook. However, up until now, large-scale deployment has not yet occurred. Why is that? And could it be related to the GDPR?
The shift from ‘connected cars’ (cars communicating with their manufacturers, traffic lights, surrounding vehicles etc.) to ‘self-driving’, ‘driverless’ or ‘autonomous cars’ will pose new challenges for GDPR compliance. Business models and use cases of such cars will change, as will controllership, processors, purposes, and types of data being processed. In this article, we will discuss the repercussions and challenges for GDPR compliance in this paradigm shift.
The GDPR imposes many rights and obligations on organisations that require software support. Any software supplier will have to make decisions on how to interpret the GDPR and where GDPR compliance software or data processing is needed. Because of the countless vague concepts in the Regulation, suppliers will have different interpretations, which of course can lead to varying outcomes within the software.
The fines usually attract the most attention when discussing the GDPR. Four percent of your worldwide annual turnover sounds scary - and ‘fear, uncertainty and doubt’ sell. But when we focus on the main risk of being noncompliant with the new privacy regulation, then the logical conclusion is that your reputation is what is at stake. So, how can you safeguard your organisation’s reputation in the field of personal data protection?
Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to notice that notifications might be to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach). Using GDPR compliance
A debate has been going on for quite some years now about whether dynamic IP addresses constitute personal data in the sense of European data protection legislation. An IP address is the logical address of a node on the internet (be it a computer, a network device or a mobile device). Given the limited number of IP addresses available under the 'old' but still widely used IPv4 standard, often a single