
    THE PRIVACYPERFECT BLOG

    Checklist for DPOs starting at a new company

    Jun 4, 2020 2:04:43 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, Personal Data, GDPR Controller, gdpr2020, law firms, legal services

    Starting at a new organisation as a Data Protection Officer is very exciting, but can also feel a little overwhelming: Where to start? What to do first? Who to talk to? How to get up to speed as fast as possible? To help ease the transition, we have created a checklist for the first couple of months that DPOs may find useful when starting out at their new company. 


    DSRs: practical challenges and guidance for process optimisation

    May 29, 2020 9:33:29 AM / by PrivacyPerfect posted in Data Protection, GDPR Software, Data Protection Officer, Data Controlling, GDPR Compliance Program, DSAR

    While Data Subject Requests (DSRs) are not a new concept, further guidelines were introduced when the GDPR came into force in May 2018. With obligations becoming stricter and wider, as the EU privacy regulation laid out several additional requirements and exemptions, organisations often face challenges in handling DSRs, primarily due to the complexity and time-consuming nature of the process. In this blog post, our privacy experts discuss the typical challenges organisations may face in addressing a request under each right, and provide guidance on finding solutions to these challenges.

    Healthcare institutions and GDPR compliance in a digital world

    May 7, 2020 2:33:10 PM / by PrivacyPerfect posted in EU, Data Privacy, Data Protection, Data Security, DPO, Data Protection Officer, GDPR Controller, gdpr2020, healthdata, healthcare

    Digital transformation has been the focus of many organisations in the last couple of years, including those in the healthcare sector. This shift brings with it new, additional aspects for all areas, a major one being data protection. In the healthcare sector, where a huge amount of sensitive personal data is processed on a daily basis, protection of this data has to be a top priority, with strict procedures, access controls, and guidelines on privacy. As such, compliance with the GDPR within digitized care and cure organisations is crucial. Let’s take a look at how you can ensure compliance for your healthcare organisation without disrupting the efficiency of your work.

    GDPR Easy Read: How decisive is it for your company's compliance efforts to provide the DPO with the right resources?

    May 1, 2020 1:01:48 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Easy Read

    The Data Protection Officer (DPO) is a role that's often met with growing pressure and mounting challenges due to the complexity of obligations under the GDPR, a substantial workload, and the dependency on contributions from other departments within the company. With reports revealing that companies will continue to gather an increasing abundance of data to work with, providing the right tooling and resources to your DPO could prove essential for a company's GDPR compliance efforts. At the end of 2019, a study was conducted to look into how DPOs themselves weighed this importance. As DPOs often find themselves struggling to gain this additional support, let's take a look at the facts and figures that highlight this struggle. Most importantly, we'll also see how we can turn this obstacle into an opportunity.
     


    How can your organisation recover after a personal data breach?

    Apr 30, 2020 1:00:00 PM / by PrivacyPerfect posted in EU, Data Breach, DPO, Data Protection Officer, Data Controlling, Reputation, gdpr, gdpr2020

    Since the enforcement of the GDPR approximately two years ago, over 160,000 breaches have been reported from across the EU. In the Netherlands alone, almost 27,000 data breaches were reported in 2019 - a 29% increase compared to the year before. Personal data breaches happen both due to external threats and internal security incidents, and both are on the rise. Given these figures and the large amount of personal data collected by organisations, even if the necessary safeguards are in place, the odds of a data breach happening within your organisation are quite high. So, if a personal data breach does happen, how can you make sure that your organisation recovers from it quickly and well?

    How to gain C-level support for your compliance efforts

    Apr 2, 2020 9:00:00 AM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Controller, Reputation under GDPR, GDPR Reputation, gdpr2020, data minimisation

    The role of the Data Protection Officer (DPO) is one that’s often met with mounting pressure and increasing challenges due to the complexity of regulations, a huge workload, and dependency on support from other departments. The GDPR also emphasises the importance of the role the DPO has in major business decisions, since these need to be aligned with the regulation and the organisation’s data protection strategy in order to maintain compliance. With so much going on, getting the right tools, resources, and support from top levels is absolutely essential for this role. At the same time, DPOs are often faced with reluctance, and sometimes struggle to gain additional support from C-level management. In this blog post, we provide tangible advice on getting this support.

    All you need to know about Data Processing Agreements

    Mar 19, 2020 4:04:37 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Protection, DPO, Data Protection Officer, GDPR Controller, GDPR Processor, GDPR Reputation, gdpr, DPA, gdpr2020

    One way or another, almost all organisations rely on third parties for processing personal data in today’s digital world, creating a direct need for data processing agreements (DPA). Even the tools that are considered to be the basic necessities in business, such as email clients, CMS systems, data storage servers, or website analytics, all process personal data on behalf of organisations. With the introduction of the GDPR, there are strict requirements and guidelines on how this can be done in a compliant manner, through signed DPAs between the organisation (the data controller) and any party that acts as a data processor on their behalf. But what are Data Processing Agreements (DPAs), are they really necessary for you, what do they look like, and who needs to be involved from within your organisation? 


    How to overcome the challenges of responding to DSARs

    Mar 5, 2020 3:43:52 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Reputation, gdpr, Netherlands, gdpr2020, DSAR

    Since the enforcement of the GDPR back in May 2018, organisations that process personal data within the EU & EEA are obligated to respond to a Data Subject Access Request (DSAR). DSARs are not new; however, the GDPR introduced a new set of rules for the process. For instance, organisations today are required to respond within 30 days upon receiving a request. The tight time-frame and the process itself often pose challenges for organisations when responding to DSARs.

    What are Some Key Differences Between Consent & Legitimate Interest?

    Jan 9, 2020 2:11:47 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Processing, Data Protection Officer, GDPR Controller, GDPR Processor, Data Controlling, GDPR Reputation, Data Consent, Consent, Marketing under GDPR, GDPR for Marketers, gdpr, DPIA

    Legitimate interest and consent are two of the six lawful bases that data processors can choose from when gathering and processing data subjects' personal data. These two lawful bases are the most commonly used reasoning among organisations for their data gathering. But what are some of the key differences between the two?


    Companies and the Race for Compliance

    Dec 11, 2019 1:51:05 PM / by PrivacyPerfect posted in EU, GDPR Compliance, US, GDPR for SMEs, Small business GDPR, Medium business GDPR, DPO, Data Protection Officer, International GDPR, Reputation under GDPR, GDPR Reputation, GDPR For Tech Companies, gdpr 2019, Europe

    As we slowly enter 2020, we look back at 2019, a year in which numerous studies were conducted to see just how companies fare in their GDPR compliance efforts. As fines and penalties are still being issued by various data protection regulators in their respective countries, it may be suggested that companies, ranging from multinational corporations to SMEs, are still struggling to be fully compliant with the GDPR. In this blog post, we take a look at several key studies done by various types of organisations, the numbers in their findings, and how it all shapes the race for compliance.
