Webinar: Appointing a data protection officer (DPO) under the GDPR

The General Data Protection Regulation (GDPR) imposes a significant number of obligations and responsibilities on controllers and processors.  The GDPR significantly reshapes the data protection landscape for organisations worldwide that collect and process the data of EU residents. The Regulation also imposes fines of up to 4% of annual global turnover or €20 million (whichever is greater), … [Read more...]

How to maintain GDPR-compliant databases

If your organisation collects EU residents’ personal data, the EU General Data Protection Regulation (GDPR) applies to you. The GDPR takes effect in just a few months, so if you’re not already nearing compliance, you need to work quickly. A significant part of the process will involve managing your databases, as this is probably where you keep most of your personal data. Database auditors need a … [Read more...]

Does your CRM meet the GDPR’s compliance requirements?

Organisations that have a customer relationship management (CRM) system in place will be well-versed in handling large volumes of personal data, and – in theory – prepared for the EU General Data Protection Regulation (GDPR). They will be used to keeping names, email addresses and dates of birth secure, and updating information when it’s out of date, which are central to GDPR compliance. However, … [Read more...]

How the PCI DSS can help you meet the requirements of the GDPR

With just 3 months until the General Data Protection Regulation (GDPR) is enforced, organisations across Europe must consider how the far-reaching changes introduced by the Regulation will affect how they handle and protect personal data. While some will be worried about how to comply with the new law, those that are already compliant with the Payment Card Industry Data Security Standard (PCI DSS) … [Read more...]

The GDPR: Understanding the right to erasure

Article 17 of the EU General Data Protection Regulation (GDPR), the “right to erasure” (also known as the ‘right to be forgotten’), allows individuals to request the removal of personal data that an organisation holds on them. Individuals can exercise this right when:  The controller no longer needs the data for the purpose that it was originally collected;  The individual withdraws consent;  The … [Read more...]

How to transfer data to a ‘third country’ under the GDPR

The European Commission released a notice to stakeholders last week called “Withdrawal of the United Kingdom from the Union and EU rules in the field of data protection”. The notice states that because the UK has triggered Article 50 and will no longer be part of the EU on 30 March 2019, it will become a ‘third country’. Unless a withdrawal agreement can be established before the withdrawal … [Read more...]

Johnson & Johnson data breach affects hundreds of Irish customers

Hundreds of Irish customers’ home addresses and emails – which may be linked to other online accounts – were leaked online by cosmetics and pharmaceutical giant Johnson & Johnson. To take advantage of a promotion for Aveeno moisturiser, Johnson & Johnson asked customers to fill in an online form. The form was checked against a text file of individuals who had already signed up, in order to … [Read more...]

3 things software engineers need to know about the GDPR

Software engineers, like many other professionals, will face major changes to the way they work when the EU General Data Protection Regulation (GDPR) takes effect from 25 May 2018.  The Regulation strengthens data subjects’ rights related to their personal data, and requires all organisations that handle EU residents’ personal information to follow a long list of requirements. Software engineers … [Read more...]

How ISO 27001 can help with your GDPR project

Coming into effect on 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede all EU member states’ current national data protection laws, bringing a standardised approach to data protection throughout the EU. The Regulation also brings with it a new suite of enforcement powers for supervisory authorities throughout Europe to penalise companies that are found to be … [Read more...]

What are the main tasks of a data protection officer?

On 25 May 2018, the General Data Protection Regulation will come into effect. Even though the GDPR does not specifically require the appointment of a DPO for all organisations, it is highly encouraged by the European Article 29 Working Party (WP29) as a matter of good practice and to demonstrate compliance. Taking this into account, we look at the main tasks and mission of a data protection … [Read more...]