Free Trial

    THE PRIVACYPERFECT BLOG

    All you need to know about Data Processing Agreements

    Mar 19, 2020 4:04:37 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Protection, DPO, Data Protection Officer, GDPR Controller, GDPR Processor, GDPR Reputation, gdpr, DPA, gdpr2020

    One way or another, almost all organisations rely on third parties for processing personal data in today’s digital world, creating a direct need for data processing agreements (DPA). Even the tools that are considered to be the basic necessities in business, such as email clients, CMS systems, data storage servers, or website analytics, all process personal data on behalf of organisations. With the introduction of the GDPR, there are strict requirements and guidelines on how this can be done in a compliant manner, through signed DPAs between the organisation (the data controller) and any party that acts as a data processor on their behalf. But what are Data Processing Agreements (DPAs), are they really necessary for you, what do they look like, and who needs to be involved from within your organisation? 

    Read More

    How to overcome the challenges of responding to DSARs

    Mar 5, 2020 3:43:52 PM / by PrivacyPerfect posted in DPO, Data Protection Officer, GDPR Reputation, gdpr, Netherlands, gdpr2020, DSAR

    Since the enforcement of the GDPR back in May 2018, organisations that process personal data within the EU & EEA are obligated to respond to a Data Subject Access Request (DSAR). DSARs are not new, however, the GDPR enforced a new set of new rules for the process. For instance, organisations today are required to respond within 30 days upon receiving a request. The tight time-frame and the process itself often poses challenges for organisations when responding to DSARs.

    Read More

    How can organisations create the perfect privacy statement?

    Feb 20, 2020 5:31:59 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Compliance, Data Security, Personal Data, GDPR Controller, gdpr2020

    The GDPR highlights that data subjects need to be given the right to be informed about the gathering and the use of their personal data. Organisations are encouraged to fulfill this obligation through a privacy statement, that informs individuals in a clear and easily understandable manner on how their personal data is gathered and processed by the organisation. At the same time, organisations often find challenges in creating the perfect privacy statement as narrowing down a huge variety of complex legal information is not a task for the faint hearted. Furthermore, with the enforcement of the GDPR, previous privacy statements also had to be readjusted. So, what do organisations need to keep in mind for creating the perfect privacy statement, and what benefits it holds to have one, besides compliance?

    Read More

    What benefits and opportunities does data minimisation hold for businesses?

    Feb 19, 2020 12:54:25 PM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, Data Breach, GDPR For Tech Companies, gdpr, gdpr2020, data minimisation

    Back when the GDPR was still within the adaptation phase, data-driven organisations and public bodies that process personal data on a large scale found the new obligation of data minimisation to be a rather vague obstacle. The GDPR states that personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed, but this concept still often poses challenges for some firms. At the same time, data driven organisations continue to process and gather personal data on a large scale, where data minimisation could prove that ‘bigger’ might not necessarily always mean ‘better’: after over a year since the EU privacy regulation’s enforcement, we have now learned that data minimisation actually holds several benefits for organisations that decide to embed it into their practices. Before we start looking into what data minimisation can look like in practice, let’s take a look into what this concept entails exactly according to the GDPR. 

    Read More

    How has the GDPR strengthened email marketing?

    Feb 7, 2020 10:49:09 AM / by PrivacyPerfect posted in GDPR Compliance, Data Privacy, Data Protection, Compliance, Data Consent, Marketing, Marketing under GDPR, gdpr2020

    Back in the adaptation period of the GDPR between 2016 and 2018 May, many businesses were concerned that the new EU-privacy regulation might weaken their marketing efforts, especially in the field of email marketing.  As the GDPR puts several restrictions on why and how personal data can be collected and processed, previous forms of popular marketing techniques, such as building a database of prospects for years on end, and purchasing prospect lists, had to be changed and adjusted for compliance. These types of databases were used most typically for the email marketing efforts or organisations, therefore many believed that this aspect of business marketing might actually suffer from the new regulation. After over a year since the enforcement of the GDPR though, businesses reported several benefits of the GDPR in regard to marketing, through adapting a compliant email marketing strategy. So, what steps can your organisation take to make sure to enjoy these benefits, while strengthening your compliance?

    Read More

    How can GDPR compliance efforts benefit you as an NGO?

    Jan 31, 2020 8:00:00 AM / by PrivacyPerfect posted in EU, GDPR Compliance, GDPR for SMEs, Reputation under GDPR, Marketing under GDPR, GDPR for Marketers, DPIA, gdpr2020, NGO

    The GDPR applies to organisations and public bodies of all types, that collects and processes personal data belonging to individuals residing in the EU/EEA, charities and NGOs are also obligated to comply with the EU’s privacy regulation. As NGOs and charities handle an abundance of sensitive data, it’s important to take appropriate safeguards in order to avoid GDPR fines and cyberthreats. Numerous research has indicated that the GDPR has helped companies with an increase of consumer trust, but what does this mean for NGOs specifically in terms of potential benefits?

    GDPR_Compliance_NGO

    Read More

    Data Breaches: The Business Risk of the Decade

    Jan 23, 2020 4:00:00 PM / by The Trust Bridge posted in EU, Data Privacy, Data Protection, GDPR Fines, Data Breach, gdpr, gdpr2020

    Working across the information space in both the private, not for profit and the public sector, The Trust Bridge Senior Consultant, Carol Tullo, has seen the ecosystem of data policy expand and collide with the world of information rights. Carol states that “So many of us operating in this field have balanced the advantages of the open flow of data with the tensions in the safety and compliance safeguards that we expect, be it as individuals, family units or businesses” The access, storage and tracking of personal data has changed our worlds. Protecting our data and our individual profiles is what data protection is all about. This is not new.  

    Data_breaches_business_risk_decade-1

    Read More
      harmas_Rajztábla 1-1
      Keep informed!
      Sign up to the Weekly GDPR Digest now.