Webinar: Appointing a data protection officer (DPO) under the GDPR

The General Data Protection Regulation (GDPR) imposes a significant number of obligations and responsibilities on controllers and processors.  The GDPR significantly reshapes the data protection landscape for organisations worldwide that collect and process the data of EU residents. The Regulation also imposes fines of up to 4% of annual global turnover or €20 million (whichever is greater), … [Read more...]

How to maintain GDPR-compliant databases

If your organisation collects EU residents’ personal data, the EU General Data Protection Regulation (GDPR) applies to you. The GDPR takes effect in just a few months, so if you’re not already nearing compliance, you need to work quickly. A significant part of the process will involve managing your databases, as this is probably where you keep most of your personal data. Database auditors need a … [Read more...]

German court rules Facebook’s data use is illegal

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a Berlin regional court. The court ruled that Facebook collects and uses personal data without providing enough information to its members for them to give meaningful consent. “Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient … [Read more...]

Does your CRM meet the GDPR’s compliance requirements?

Organisations that have a customer relationship management (CRM) system in place will be well-versed in handling large volumes of personal data, and – in theory – prepared for the EU General Data Protection Regulation (GDPR). They will be used to keeping names, email addresses and dates of birth secure, and updating information when it’s out of date, which are central to GDPR compliance. However, … [Read more...]

How the PCI DSS can help you meet the requirements of the GDPR

With just 3 months until the General Data Protection Regulation (GDPR) is enforced, organisations across Europe must consider how the far-reaching changes introduced by the Regulation will affect how they handle and protect personal data. While some will be worried about how to comply with the new law, those that are already compliant with the Payment Card Industry Data Security Standard (PCI DSS) … [Read more...]

Security and compliance: Related but different

In the IT world, security and compliance are frequently mentioned in the same breath. While the two seem to be joined at the hip in this regulation-heavy era, it’s important to understand that the concepts are not synonymous. … [Read more...]

Locating, identifying, and managing personal data for GDPR compliance

Organizations are realizing that managing data for GDPR may not be as easy as it would seem at first glance. The key is to have a good data identification and classification system and to use available tools to help you implement it. … [Read more...]

The GDPR: Understanding the right to erasure

Article 17 of the EU General Data Protection Regulation (GDPR), the “right to erasure” (also known as the ‘right to be forgotten’), allows individuals to request the removal of personal data that an organisation holds on them. Individuals can exercise this right when:  The controller no longer needs the data for the purpose that it was originally collected;  The individual withdraws consent;  The … [Read more...]

How to transfer data to a ‘third country’ under the GDPR

The European Commission released a notice to stakeholders last week called “Withdrawal of the United Kingdom from the Union and EU rules in the field of data protection”. The notice states that because the UK has triggered Article 50 and will no longer be part of the EU on 30 March 2019, it will become a ‘third country’. Unless a withdrawal agreement can be established before the withdrawal … [Read more...]

3 things software engineers need to know about the GDPR

Software engineers, like many other professionals, will face major changes to the way they work when the EU General Data Protection Regulation (GDPR) takes effect from 25 May 2018.  The Regulation strengthens data subjects’ rights related to their personal data, and requires all organisations that handle EU residents’ personal information to follow a long list of requirements. Software engineers … [Read more...]