Do you sometimes feel that the internet works like magic? Do certain incidents seem inexplicable to you, such as getting flooded with advertisements for products you may have idly browsed days ago? Whether you are a technical genius or technologically challenged, if you spend any of your time online, you have probably seen pop-up screens that require you to agree to the use of something called “Cookies”. Do
Before conducting an international data transfer, organisations need to check the GDPR very carefully. International data transfers should not only be compliant with Chapter 5 but also with all other requirements of the GDPR (following from Article 44 GDPR). Also, in order to transfer personal data outside the EU, organisations need to follow the layered approach of the European Data Protection Board.
The European Economic Area (EEA) is the combination of European Union (EU) and European Free Trade Association (EFTA) states, except for Switzerland. The EEA has now incorporated the GDPR into the EEA agreement. This was done by an EEA Joint Committee Decision dated 6th July 2018, which came into force on 20th July, 2018.
International data transfers are unavoidable for most of the businesses and organisations in today’s digital world. The GDPR takes a balanced approach between the necessity of cross-border data flows for the purposes of international trade and the level of protection provided to natural persons. Although the Regulation allows the free flow of personal data between Member States, it restricts data transfers to countries
Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to note that notifications might be made to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach). Using GDPR compliance
The GDPR is subject to a lot of speculation and ‘fake news’ these days, and therefore we would like to present seven major myths about the GDPR that are just that: myths. Participate in GDPR discussions with more knowledge about what GDPR is not about – you can read it in this blog post.
Under the GDPR, a personal data breach has to be notified to the relevant supervisory authority in most circumstances, most notably when the breach poses a risk to the rights and freedoms of the data subject. What is a breach, and which supervisory authority does it have to be notified to? In this blog post, we briefly discuss the answers to these questions.