9 steps to GDPR compliance

On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into effect, changing the way organisations handle personal data. The Regulation strengthens individuals’ rights concerning the way personal data is used, and requires that organisations take extra steps to make sure data remains secure. The GDPR applies to any organisation that handles EU residents’ personal data. If that …

The GDPR: What is sensitive personal data?

We recently discussed what counts as personal data under the EU General Data Protection Regulation (GDPR); however, we didn’t cover sensitive personal data. Before we get into what that entails, let’s recap the GDPR’s definition of personal data: “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’).” In other words, any information that …

European Commission publishes guidance on the GDPR

The European Commission has published guidance on the upcoming EU General Data Protection Regulation (GDPR). The document: Summarises the purpose and benefits of the GDPR; Evaluates the steps that organisations, national data protection authorities and the Commission have taken to prepare for the GDPR; Outlines what still needs to be done before the Regulation takes effect on 25 May 2018; …

The GDPR: What exactly is personal data?

Personal data is at the heart of the EU General Data Protection Regulation (GDPR), but many people are still unsure exactly what ‘personal data’ refers to. There’s no definitive list of what is or isn’t personal data, so it all comes down to properly interpreting the GDPR’s definition: “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data …

Breach at Norway’s largest healthcare authority was a disaster waiting to happen

More details have emerged on the data breach at Norway’s largest healthcare authority, in which up to 3 million people may have had their data stolen. The attack on Helse Sør-Øst RHF (Health South-East) appears to have focused on patient records and the health service’s relationship with Norway’s armed forces. AldriMer reported that the criminal hackers were looking for information related to …

The GDPR: Understanding the 6 data protection principles

The EU General Data Protection Regulation (GDPR) outlines six data protection principles that organisations need to follow when collecting, processing and storing individuals’ personal data. The data controller is responsible for complying with the principles and must be able to demonstrate the organisation’s compliance practices. We’ve listed the six principles here with advice on how you can …

The GDPR: What do email marketers need to know?

Personal data is at the heart of marketing campaigns. Organisations need people’s information to advertise their products and analyse their campaigns’ success, and they go to great lengths to collect and process this data. But on 25 May 2018, the EU General Data Protection Regulation (GDPR) takes effect, enforcing stricter data privacy rules and enhancing individuals’ rights and freedoms …

Navigating GDPR consent for minors

The EU General Data Protection Regulation (GDPR) strengthens and expands data subjects’ rights, and brings significant changes to both consent requirements and the rights of children. Consent must be given with a “clear affirmative action”, which nullifies opt-out options such as pre-ticked boxes. Consent requests also need to cover the specific processing details, the type of information …

The GDPR: Understanding the right to data portability

The right to data portability is one of eight rights enforced by the EU General Data Protection Regulation (GDPR). It allows data subjects to obtain data that a data controller holds on them and to reuse it for their own purposes. Individuals are free to either store the data for personal use or to transmit it to another data controller. The data must be received “in a structured, commonly used …

How your start-up can prepare for the GDPR

Start-ups aren’t much different than any other organisation, so there’s no special way they should prepare for the EU General Data Protection Regulation (GDPR). However, start-ups typically don’t have the experience that comes with an established company, which has led to many of them expressing uncertainty about how to implement the Regulation’s requirements. To help start-ups understand how they …