THE PRIVACYPERFECT BLOG

How can your organisation recover after a personal data breach?

Apr 30, 2020 1:00:00 PM / by PrivacyPerfect posted in EU, Data Breach, DPO, Data Protection Officer, Data Controlling, Reputation, gdpr, gdpr2020

Since the enforcement of the GDPR approximately two years ago, over 160,000 breaches have been reported from across the EU. In the Netherlands alone, almost 27,000 data breaches were reported in 2019 - a 29% increase compared to the year before. Personal data breaches happen both due to external threats and internal security incidents, and both are on the rise. Given these figures and the large amount of personal data collected by organisations, even if the necessary safeguards are in place, the odds of a data breach happening within your organisation is quite high. So, what if a personal data breach does happen, how can you make sure that your organisation recovers from it quickly and well?

Read More

Debunking 5 common GDPR myths

Apr 23, 2020 9:00:00 AM / by PrivacyPerfect posted in Data Breach, Personal Data, Data Consent, Consent, gdpr, gdpr2020

Even two years after the enforcement of the GDPR, a lot of misconception and speculation surrounds the EU privacy regulation still. While most of us know one thing or the other about the GDPR, only a few have extensive knowledge on it, and what it means exactly in practice. In this blog post, we take a look at five common myths of the GDPR and set the record straight.

Read More

All you need to know about Data Processing Agreements

Mar 19, 2020 4:04:37 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Protection, DPO, Data Protection Officer, GDPR Controller, GDPR Processor, GDPR Reputation, gdpr, DPA, gdpr2020

One way or another, almost all organisations rely on third parties for processing personal data in today’s digital world, creating a direct need for data processing agreements (DPA). Even the tools that are considered to be the basic necessities in business, such as email clients, CMS systems, data storage servers, or website analytics, all process personal data on behalf of organisations. With the introduction of the GDPR, there are strict requirements and guidelines on how this can be done in a compliant manner, through signed DPAs between the organisation (the data controller) and any party that acts as a data processor on their behalf. But what are Data Processing Agreements (DPAs), are they really necessary for you, what do they look like, and who needs to be involved from within your organisation? 

Read More

How to overcome the challenges of responding to DSARs

Mar 5, 2020 3:43:52 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Reputation, gdpr, Netherlands, gdpr2020, DSAR

Since the enforcement of the GDPR back in May 2018, organisations that process personal data within the EU & EEA are obligated to respond to a Data Subject Access Request (DSAR). DSARs are not new, however, the GDPR enforced a new set of new rules for the process. For instance, organisations today are required to respond within 30 days upon receiving a request. The tight time-frame and the process itself often poses challenges for organisations when responding to DSARs.

Read More

What benefits and opportunities does data minimisation hold for businesses?

Feb 19, 2020 12:54:25 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Breach, GDPR For Tech Companies, gdpr, gdpr2020, data minimisation

Back when the GDPR was still within the adaptation phase, data-driven organisations and public bodies that process personal data on a large scale found the new obligation of data minimisation to be a rather vague obstacle. The GDPR states that personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed, but this concept still often poses challenges for some firms. At the same time, data driven organisations continue to process and gather personal data on a large scale, where data minimisation could prove that ‘bigger’ might not necessarily always mean ‘better’: after over a year since the EU privacy regulation’s enforcement, we have now learned that data minimisation actually holds several benefits for organisations that decide to embed it into their practices. Before we start looking into what data minimisation can look like in practice, let’s take a look into what this concept entails exactly according to the GDPR. 

Read More

Data Breaches: The Business Risk of the Decade

Jan 23, 2020 4:00:00 PM / by The Trust Bridge posted in EU, Data Privacy, Data Protection, GDPR Fines, Data Breach, gdpr, gdpr2020

Working across the information space in both the private, not for profit and the public sector, The Trust Bridge Senior Consultant, Carol Tullo, has seen the ecosystem of data policy expand and collide with the world of information rights. Carol states that “So many of us operating in this field have balanced the advantages of the open flow of data with the tensions in the safety and compliance safeguards that we expect, be it as individuals, family units or businesses” The access, storage and tracking of personal data has changed our worlds. Protecting our data and our individual profiles is what data protection is all about. This is not new.  

Data_breaches_business_risk_decade-1

Read More

What are Some Key Differences Between Consent & Legitimate Interest?

Jan 9, 2020 2:11:47 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Processing, Data Protection Officer, GDPR Controller, GDPR Processor, Data Controlling, GDPR Reputation, Data Consent, Consent, Marketing under GDPR, GDPR for Marketers, gdpr, DPIA

Legitimate interest and consent are two of the six lawful bases that data processors can choose from when gathering and processing data subject personal data. Both of the mentioned lawful bases are the most commonly used reasoning among organisations for their data gathering. But what are some of the key differences between the two? 

differences_consent_legitimate_interest_lawful_basis

Read More

Facial Recognition & GDPR: The Good, The Bad, and the Problematic

Nov 21, 2019 2:23:42 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Protection, Compliance, Data Processing, Personal Data, Data Consent, Consent, Facial Recognition, gdpr, DPIA, gdpr 2019, DPA, Britain

Earlier this week, France announced that it will be the first country within the EU to introduce the use of facial recognition for government services. A decision that has raised a few eyebrows in terms of people’s privacy and the connotation it may imply in regards to the GDPR. Didier Baichere, a lawmaker with French president Emmanuel Macron ́s party, insisted that the general public shouldn't be worried. But, should they? What sort of implications can facial recognition technology make and just how protected are the public’s sensitive data? Let’s take a look.

Read More

A Cautionary Tale: The Brief Look Into the Future of Personalisation

Oct 24, 2019 5:26:39 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Protection, Data Processing, Data Security, DPO, Data Protection Officer, GDPR Reputation, GDPR For Tech Companies, Data Consent, Consent, Cookies, Marketing under GDPR, gdpr, gdpr 2019

It’s a rainy Thursday morning and I’ve just got into my driverless cab. I’d usually miss it, but because the cab now knows the average time I take to get ready, there is no actual way I could miss one. It knows where I need to go, what time I need to be there and also the preferred route I want, all through a 0.2 second scan of my thumb’s fingerprint. During my ride, I listen to the playlist made for me specially for this Thursday. It was made instantly as I typed in the first two words that came to my mind this morning. It can be any literally any word, isn’t that fun? It knows what music I want to listen to, the length of the songs I like, the mix of genres I prefer, and it also predicts the exact moments I would get bored of the song and automatically removes it from the playlist - only to replace it with an absolute banger of a song I was thinking about giving a listen to. 

Read More

Breach don’t kill my vibe: ways to mitigate a data breach

Oct 3, 2019 3:48:17 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Security, Data Protection Officer, Reputation under GDPR, GDPR Reputation, GDPR For Tech Companies, Data Consent, GDPR Compliance Program, Consent, gdpr, DPIA, gdpr 2019, Europe, DPA, Netherlands, Britain

Data breach. Two words you just don’t want to hear after a long week. It’s finally the Friday afternoon you’d been waiting for. Weekend plans with the family, the clock has just hit 16:00, and the weather isn’t as bad as predicted. Yet, here you are, after conducting a DPIA, finding yourself in a situation where you have a mere 72 hours to handle a whole breach. In this blog post, we will discuss your options, and provide you with support to handle this procedure seamlessly.

Read More

    Lists by Topic

    see all
    harmas_Rajztábla 1-1
    Keep informed!
    Sign up to the Weekly GDPR Digest now.