.png?width=500&name=logo_transparent%20(4).png "logo_transparent (4)"){kind=logo}
Back when the GDPR was still within the adaptation phase, data-driven organisations and public bodies that process personal data on a large scale found the new obligation of data minimisation to be a rather vague obstacle. The GDPR states that “personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed”, but this concept still often poses challenges for some firms. At the same time, data driven organisations continue to process and gather personal data on a large scale, where data minimisation could prove that ‘bigger’ might not necessarily always mean ‘better’: after over a year since the EU privacy regulation’s enforcement, we have now learned that data minimisation actually holds several benefits for organisations that decide to embed it into their practices. Before we start looking into what data minimisation can look like in practice, let’s take a look into what this concept entails exactly according to the GDPR.
Recent Posts
After the enforcement of the GDPR, organisations had to make their choice on how to comply with the EU privacy regulation: using the method of privacy by design or privacy by default. For some organisations, one or both of these concepts were new, but these are now legal obligations for all those handling personal data. The GDPR emphasises that privacy by design requires organisations to consider privacy compliance in the initial designing process upfront in everything that the organisation does in regards to their handling of personal data. Meanwhile privacy by default means that organisations should be only gathering personal data that is required. But which one these methods fit your organisation the best, and how can you make sure you benefit from compliance?
Back in the adaptation period of the GDPR between 2016 and 2018 May, many businesses were concerned that the new EU-privacy regulation might weaken their marketing efforts, especially in the field of email marketing. As the GDPR puts several restrictions on why and how personal data can be collected and processed, previous forms of popular marketing techniques, such as building a database of prospects for years on end, and purchasing prospect lists, had to be changed and adjusted for compliance. These types of databases were used most typically for the email marketing efforts or organisations, therefore many believed that this aspect of business marketing might actually suffer from the new regulation. After over a year since the enforcement of the GDPR though, businesses reported several benefits of the GDPR in regard to marketing, through adapting a compliant email marketing strategy. So, what steps can your organisation take to make sure to enjoy these benefits, while strengthening your compliance?
The GDPR applies to organisations and public bodies of all types, that collects and processes personal data belonging to individuals residing in the EU/EEA, charities and NGOs are also obligated to comply with the EU’s privacy regulation. As NGOs and charities handle an abundance of sensitive data, it’s important to take appropriate safeguards in order to avoid GDPR fines and cyberthreats. Numerous research has indicated that the GDPR has helped companies with an increase of consumer trust, but what does this mean for NGOs specifically in terms of potential benefits?
Reports have indicated that people have become increasingly critical about their data on how it's stored and what it is being used for. It has become paramount that businesses take the extra steps in ensuring a secure and privacy compliant way of handling such personal data. As pressure heaps on businesses and brands to adopt this data privacy centered culture, why is it vital for brands to use compliance to their advantage, and not see it as a burden?
Legitimate interest and consent are two of the six lawful bases that data processors can choose from when gathering and processing data subject personal data. Both of the mentioned lawful bases are the most commonly used reasoning among organisations for their data gathering. But what are some of the key differences between the two? 
This is the story of one cold December for Jamie, and his data conscious filled adventure. He started the month with his Christmas shopping, all the discounts and all the best offers about - he grabbed them all, without a hint of any doubt. From the latest headphones, to pants, a new pair of white sneakers, and even some living room plants. He realised one important thing, after all that almost effortless buying, he’d not just been spending money here and there, he’d been giving his data - with almost nothing to spare.
As we slowly enter 2020, during the year of 2019, numerous studies have been conducted with the objective to see just how far companies fare in regards to their GDPR compliance efforts. As fines and penalties are still being issued from various data protection regulators in their respectful countries, it may be suggested that companies, ranging from multinational corporations to SMEs, are still struggling to be fully compliant with the GDPR. In this blogpost, we take a look at several key studies done by various types of organisations, the numbers in their findings, and how it all shapes the race for compliance.
When the EU fully enforced the GDPR back in May of 2018, there were many speculations and doubts on the consequences, and whether or not SMEs will need to adhere to the full extent of the regulations or not. A common misconception that followed was that the GDPR was seen as a data privacy law that would only be looking into the data protection practices of big multinational enterprises. After over a year since it’s enforcement now, we are able to see the first results on the extent of how the GDPR can apply to each type of business, and what best practices businesses can turn to in order to stay aligned to the obligations. In this blog post, we look into the important points SMEs should know in regards to the GDPR and how the regulation can be turned into a benefit, rather than a burden.
Earlier this week, France announced that it will be the first country within the EU to introduce the use of facial recognition for government services. A decision that has raised a few eyebrows in terms of people’s privacy and the connotation it may imply in regards to the GDPR. Didier Baichere, a lawmaker with French president Emmanuel Macron ́s party, insisted that the general public shouldn't be worried. But, should they? What sort of implications can facial recognition technology make and just how protected are the public’s sensitive data? Let’s take a look.
