
The GDPR: Legitimate interest – what is it and when does it apply?

The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, which leaves consent and legitimate interest as the two that need to be unpacked in more detail. We’ve covered consent before, so our focus here will …

GDPR compliance and managing personal data internationally

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally. The term “third countries” is not defined in the GDPR but comes from the EU’s primary treaties in order to refer to countries that are not party to those treaties. It is a common term in EU law and is …

Half of small businesses still aren’t GDPR compliant

It’s been more than 18 months since the GDPR (General Data Protection Regulation) took effect, and yet millions of small businesses across Europe have major compliance gaps, a study has found. The GDPR Small Business Survey, which polled 716 organisations in Ireland, the UK, Spain and France, found that only 56% of organisations were confident that they obtained a lawful basis for processing …

How does the GDPR affect sole traders?

Almost all EU-based organisations are affected by the GDPR (General Data Protection Regulation), from sole traders to multinationals. But even though the GDPR unifies data protection rules across Europe, not all businesses will face the same problems. We’ve covered many of the issues you’re likely to face, but this blog focuses on the way sole traders should approach their compliance …

The GDPR has led to a spike in DSARs (data subject access requests)

Depending on who you ask, the GDPR (General Data Protection Regulation) has either overhauled the way organisations handle personal data or it’s a complex and ultimately pointless piece of bureaucracy. Fortunately, the number of people in the latter camp has shrunk in the past year or so, as the GDPR has proven to have a tangible effect on business. And we’re not just talking about fines, both …

How EU organisations’ GDPR requirements will change in a no-deal Brexit scenario

We’re now, once again, on the precipice of Brexit, and as the deadline nears, you’ll see more stories appear about how EU-based organisations will be affected by the UK’s departure from the EU. European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must …

Google wins landmark ruling on the ‘right to be forgotten’

A landmark ruling by the ECJ (European Court of Justice) says that Google does not have to apply the ‘right to be forgotten’ globally. The case goes back to 2015 when the French data protection authority (CNIL) ruled that Google must remove damaging or false information from the search engine when the ‘right to be forgotten’ is requested. Google was also fined €100,000 for failing to apply …

Is your organisation’s privacy notice GDPR compliant?

If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice. This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how long it will be kept. But there are several other reasons organisations should …

Cyber attacks and data breaches in review: August 2019

A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The total of 114,686,290 breached records is infinitesimal compared to last month’s total and about 10% of the monthly average. However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year. Plenty of those breaches occurred in Europe, so let’s delve into a …

How to become a data protection officer

As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and avoid large fines. For many organisations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection …