What is Third-Party Risk Management

Jun 10, 2021 3:41:11 PM / by PrivacyPerfect

As businesses increase their use of outsourcing, organisations are entrusting more of their business processes to third-parties and business partners, so they can focus on what they do best. This means they must ensure these third-parties are managing both privacy and security well, or risk  business uncertainties, legal liabilities and reputational damage. The risk of cyber attacks and data breaches from third-party vendors must be identified and mitigated. 

Read More

When Do I Need a Data Processing Agreement?

May 6, 2021 5:52:10 PM / by PrivacyPerfect

A DPA is a written agreement between an organisation (‘data controller’) and a third-party organisation handling personal data for the controller (‘data processor’) that ensures that all processing tasks are carried out in accordance  with both the EU’s General Data Protection Regulation (‘GDPR’).

The processing of personal data is almost always an issue in commercial relationships, to a greater or lesser extent. But even more so when concerning IT solutions. IT is, after all, by its very nature used for automated processing of data and many of those data qualify as personal data. Information is considered ‘personal data’ if a party has the means to trace the data back to an identifiable individual. This can therefore be data about the organization's own employees as well as data about customers or prospects. 

Read More

Android privacy issue discovered - Dutch halt alerting contacts via COVID app, other countries likely also impacted

Apr 29, 2021 2:05:16 PM / by PrivacyPerfect

Users of the Dutch app CoronaMelder who become infected with the coronavirus will now temporarily not be able to send alerts in the coming days. This was decided by Dutch Minister Hugo de Jonge (Public Health) on Wednesday after a privacy issue with Android phones came to light. The same vulnerability likely also impacts other countries’ contact tracing apps, but no other action is known as of time of writing. Millions worldwide have downloaded contact tracing apps using Apple’s and Google’s framework, thought to be anonymous: The Dutch app was downloaded 4,8 million times, and the U.K.’s National Health Services’ app has at least 16 million users.

Read More

DPIAs as a tool for Schrems II compliance

Apr 22, 2021 3:13:56 PM / by PrivacyPerfect

As the dust has settled somewhat, organizations are still very busy implementing alternative data transfer mechanisms after the revolutionary "Schrems II" decision invalidated PrivacyShield (which allowed free transfer of personal data between the EU and US). During this, one important tool remains often overlooked: data protection impact assessment (‘DPIA’).

Read More

No Brexit for personal data flows? & how to prepare to prevent gaps

Apr 16, 2021 9:55:20 AM / by PrivacyPerfect posted in Brexit

On 14 April 2021 the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions.

It is not a done deal, but the report by the EU wide umbrella organisation for privacy protection seems to be one more significant hurdle cleared for EU-UK data flows.

There are two opinions since there are two draft adequacy decisions, one dealing with law enforcement and national security and the second dealing with more general data protection and data transfer matters.

Read More

French privacy authority new cookie rules enter into force

Apr 9, 2021 9:18:26 AM / by PrivacyPerfect

France's data protection supervisor, the Commission nationale de l'informatique et des libertés, (CNIL) notified the end of the transition period of it’s amended guidelines & recommendations on cookies and other tracers. If your website is accessible in France, chances are website owners have to bring their cookie consent practices in line with the new rules.

Read More

What we can learn from the €475.000 fine

Apr 6, 2021 9:56:11 AM / by PrivacyPerfect

The Dutch data protection authority, Autoriteit Persoonsgegevens (AP), fined B.V. 450,000 euros for violations related to a 2018 breach. The AP alleges the Dutch company did not report a breach involving more than 4.100 customers until 22 days after the reservation service provider was made aware of the incident. The delay fell outside of the 72-hour breach notification requirement. 

Read More

France's highest administrative court clarifies Schrems II requirements

Mar 24, 2021 2:05:37 PM / by PrivacyPerfect

Major impact for everyone in EU-non EU partnerships.

After the Schrems II judgement, privacy pros around the world were at a loss what to do. Now, a judgement by the Conseil d’Etat — France's highest administrative court — seems to have shed light on the situation.

Read More

Could the proposed U.S. federal privacy law be enough for free data flow between the EU and U.S., or is a Privacy Shield replacement ‘years away’?

Mar 11, 2021 5:38:56 PM / by PrivacyPerfect

European Union Justice Commissioner Didier Reynders stated he does not expect a replacement for the EU-US Privacy Shield agreement to come quickly. Reynders said a new data transfer deal between the EU and US could take years rather than months as ‘it may be challenging to find a solution to protect European citizens' data from US intelligence agencies’. 

Read More

Zorg: DPIA op bestaande verwerkingen?

Mar 11, 2021 10:29:17 AM / by


Moet je als zorgaanbieder ook een DPIA doen voor bestaande verwerkingsactiviteiten?

Ja, soms moet je alsnog een data protection impact assessment (DPIA) uitvoeren voor een bestaande verwerking. Dat is als er iets verandert aan het risico van de gegevensverwerking. En de gegevensverwerking vervolgens (na de verandering) een hoog privacyrisico oplevert.


Read More

    Lists by Topic

    see all
    harmas_Rajztábla 1-1
    Keep informed!
    Sign up to the Weekly GDPR Digest now.