Responding to Data Subject Requests has been an ongoing challenge for organisations worldwide due to the complexity and tight deadlines of the process. On July 1st 2020, California will become the first US state with an enforced comprehensive consumer privacy law, the California Consumer Privacy Act (CCPA), creating new, broad privacy rights that impose significant obligations as well. The new law, which we can see as a Californian counterpart of the General Data Protection Regulation (GDPR), might have a significant impact on entities that collect, share and sell personal data. While both the GDPR and CCPA provide rights to individuals in regard to managing their personal information, there are several overlaps and differences between them. Let’s take a look.
The shift from ‘connected cars’ (cars communicating with their manufacturers, traffic lights, surrounding vehicles etc.) to ‘self-driving’, ‘driverless’ or ‘autonomous cars’ will pose new challenges for GDPR compliance. Business models and use cases of such cars will change, as will controllership, processors, purposes, and types of data being processed. In this article, we will discuss the repercussions and challenges for GDPR compliance in this paradigm shift.
Two years after the enforcement of the GDPR, we have learned a lot about its effects, challenges, and advantages. But what lessons does the data hold? Much research has been conducted on the privacy regulation, as the GDPR continues to be influential in shaping the way businesses utilise the data they gather. While complying with the regulation has required plenty of investment from businesses, GDPR compliant organisations are now reporting a wide range of competitive advantages thanks to compliance. In this blog post, we look into key learning points based on global and European research.
Starting at a new organisation as a Data Protection Officer is very exciting, but can also feel a little overwhelming: Where to start? What to do first? Who to talk to? How to get up to speed as fast as possible? To help ease the transition, we have created a checklist for the first couple of months that DPOs may find useful when starting out at their new company.
While Data Subject Requests (DSRs) are not a new concept, further guidelines were introduced with the enforcement of the GDPR back in May 2018. With obligations becoming stricter and wider, as several additional requirements and exemptions were laid out by the EU privacy regulation, organisations often seem to be facing challenges in handling DSRs, primarily due to the complexity and time-consuming nature of the process. In this blog post, our privacy experts discuss the typical challenges organisations may face in addressing a request under each right, and provide guidance in finding solutions to these challenges.
Often the best way to tackle complicated matters is to make them fun. Because the show must go on. Therefore, here are 8 essential tips to become and stay compliant with the GDPR if you don’t want to be the next one biting the dust.
The enforcement of the GDPR over two years ago has drastically transformed the way organisations collect personal data. As it’s been a transformation that required investment in terms of time and resources, many organisations still find compliance a challenge today. In fact, as recently as last year, out of 1000 organisations, only 28% said that they deemed themselves GDPR compliant. If your organisation is also still in the process of getting its GDPR compliance on track, do not worry: while it’s an investment, it’s a worthwhile one that will provide your organisation with opportunities in the long run for accountability, transparency, and better customer engagement. Our privacy experts have compiled 10 tangible steps that your organisation can take to get started towards compliance.
Digital transformation is and has been the focus of many organisations in the last couple of years, including those of the healthcare sector. This shift brings with it new, additional aspects for all areas, a major one being data protection. In the healthcare sector, where a huge amount of sensitive personal data is being processed on a daily basis, protection of this data has to be a top priority, with strict procedures, access controls, and guidelines on privacy. As such, compliance with the GDPR within digitized care and cure organisations is crucial. Let’s take a look at how you can ensure compliance for your healthcare organisation without disrupting the efficiency of your work.
The Data Protection Officer (DPO) is a role that's often met with growing pressure and mounting challenges due to the complexity of obligations under the GDPR, a substantial workload, and the dependency on contributions from other departments within the company. With reports revealing that companies will continue to gather an increasing abundance of data to work with, providing the right tooling and resources to your DPO could prove essential for a company's GDPR compliance efforts. At the end of 2019, a study was conducted to look into how DPOs themselves weighed this importance. As DPOs often find themselves struggling to gain this additional support, let's take a look into the facts and figures that highlight this struggle. Most importantly, we'll also see how we can change this obstacle into an opportunity.