Since the GDPR went into effect in May 2018, more and more people have become aware of their right to make a request to access the personal data that an organisation holds on them or have these data modified or deleted. This request, also known as a “Data Subject Request” (DSR), is a legal right for individuals according to the GDPR. Organisations are, in most cases, required to fulfil those data subject requests and will risk fines or other penalties if they don’t.
Onlangs publiceerde de Autoriteit Persoonsgegevens (AP) de “Jaarrapportage meldplicht datalekken 2021”, met een verontrustende stijging van datalekken als gevolg van cyberaanvallen. Naast het voorkomen van datalekken is het zeer belangrijk om te weten hoe te handelen in het geval van een datalek. In deze blog lees je wat je moet doen in het geval van een datalek en hoe PrivacyPerfect hierbij kan helpen.
Even two years after the enforcement of the GDPR, a lot of misconception and speculation surrounds the EU privacy regulation still. While most of us know one thing or the other about the GDPR, only a few have extensive knowledge on it, and what it means exactly in practice. In this blog post, we take a look at five common myths of the GDPR and set the record straight.
Earlier this week, France announced that it will be the first country within the EU to introduce the use of facial recognition for government services. A decision that has raised a few eyebrows in terms of people’s privacy and the connotation it may imply in regards to the GDPR. Didier Baichere, a lawmaker with French president Emmanuel Macron ́s party, insisted that the general public shouldn't be worried. But, should they? What sort of implications can facial recognition technology make and just how protected are the public’s sensitive data? Let’s take a look.
It’s a rainy Thursday morning and I’ve just got into my driverless cab. I’d usually miss it, but because the cab now knows the average time I take to get ready, there is no actual way I could miss one. It knows where I need to go, what time I need to be there and also the preferred route I want, all through a 0.2 second scan of my thumb’s fingerprint. During my ride, I listen to the playlist made for me specially for this Thursday. It was made instantly as I typed in the first two words that came to my mind this morning. It can be any literally any word, isn’t that fun? It knows what music I want to listen to, the length of the songs I like, the mix of genres I prefer, and it also predicts the exact moments I would get bored of the song and automatically removes it from the playlist - only to replace it with an absolute banger of a song I was thinking about giving a listen to.
What does the GDPR really mean for you as a retailer? Well, as is often the case with a subject like privacy: it depends. After you’ve determined that the GDPR is applicable because personal (identifying) data is involved, let’s take a look at today’s retail business operations and what it entails. We will go through specific aspects of direct marketing, e-commerce habits, and even efforts made for compliance offline, to get a better understanding of what the GDPR means for retail.
Data breach. Two words you just don’t want to hear after a long week. It’s finally the Friday afternoon you’d been waiting for. Weekend plans with the family, the clock has just hit 16:00, and the weather isn’t as bad as predicted. Yet, here you are, after conducting a DPIA, finding yourself in a situation where you have a mere 72 hours to handle a whole breach. In this blog post, we will discuss your options, and provide you with support to handle this procedure seamlessly.
Back in June, the UK’s Data Protection Authority (ICO) released statements on their stance in regards to ad tech, saying: “If you operate in the adtech space, it’s time to look at what you’re doing now, and to assess how you use personal data” (Simon McDougall, Executive Director for Technology and Innovation at ICO). The ICO also released a report that looked into how the ad tech sector should comply with the GDPR. Below are the most important aspects to take into account if you work in or with the ad tech sector:
New cookie guidance, joint controllership status due to social media plugins, and tech companies spying on you through their digital assistants - they might be listening when you ask Google or Siri for the route back home from France. The weeks from the 20th of July to the 10th of August were hectic. Instead of going through piles of news around data privacy from the summer months, get quickly caught up by looking at a summary of the most important happenings in this short blog post, the second of a three piece series, focusing on the last two summer months.
You, or your company, want to build a website. Maybe you already have one, but want to start using a Content Management System (CMS), or switch to another from your current one. Here’s a refresher on what a CMS is: it’s a software content system that enables you to create and modify digital content, such as website pages. A few well-known CMS examples that we will touch on in this post are Wordpress, Joomla, Drupal, and HubSpot.