THE PRIVACYPERFECT BLOG

The GDPR applies to organisations and public bodies of all types, that collects and processes personal data belonging to individuals residing in the EU/EEA, charities and NGOs are also obligated to comply with the EU’s privacy regulation. As NGOs and charities handle an abundance of sensitive data, it’s important to take appropriate safeguards in order to avoid GDPR fines and cyberthreats. Numerous research has indicated that the GDPR has helped companies with an increase of consumer trust, but what does this mean for NGOs specifically in terms of potential benefits?

Legitimate interest and consent are two of the six lawful bases that data processors can choose from when gathering and processing data subject personal data. Both of the mentioned lawful bases are the most commonly used reasoning among organisations for their data gathering. But what are some of the key differences between the two? 

Earlier this week, France announced that it will be the first country within the EU to introduce the use of facial recognition for government services. A decision that has raised a few eyebrows in terms of people’s privacy and the connotation it may imply in regards to the GDPR. Didier Baichere, a lawmaker with French president Emmanuel Macron ́s party, insisted that the general public shouldn't be worried. But, should they? What sort of implications can facial recognition technology make and just how protected are the public’s sensitive data? Let’s take a look.

What does the GDPR really mean for you as a retailer? Well, as is often the case with a subject like privacy: it depends. After you’ve determined that the GDPR is applicable because personal (identifying) data is involved, let’s take a look at today’s retail business operations and what it entails. We will go through specific aspects of direct marketing, e-commerce habits, and even efforts made for compliance offline, to get a better understanding of what the GDPR means for retail.

Data breach. Two words you just don’t want to hear after a long week. It’s finally the Friday afternoon you’d been waiting for. Weekend plans with the family, the clock has just hit 16:00, and the weather isn’t as bad as predicted. Yet, here you are, after conducting a DPIA, finding yourself in a situation where you have a mere 72 hours to handle a whole breach. In this blog post, we will discuss your options, and provide you with support to handle this procedure seamlessly.

Conducting a DPIA is often seen as a rather challenging task. But, there are ways still to make it a little easier.  We have highlighted the steps to get through conducting a DPIA in the least painless way possible. We’ve put down aspects from pre-assessment elements, through overcoming the struggles of getting support and involving key players, to how you can cut through the edges and simplify processes.         

We have now introduced a new DPIA module within our software. Besides all the serious stuff in and around it, we wanted to do something more in line with the time of year: summer, vacation, relaxation and fun. So we matched movie fragments with each of the eleven DPIA triggers that were issued by the European Data Protection Board. Seen all these movies? Relive the excitement. Never seen any of them? Check out the fragments and see if they’re worth a search on Netflix.