Home

Do you sometimes feel that internet works like magic; do certain incidents seem inexplicable to you, such as getting flooded with advertisements about products you may have idly surfed days ago? Whether you are a technical genius or technologically challenged, if you spend any of your time online, you have probably seen pop-up screens while surfing online, that require you to agree to the use of something called “Cookies”. Do you carelessly agree to the use of cookies, or do you take time to read the Cookie policy?

The concept of ‘consent’ should be a fairly self-explanatory one. It is not a unique idea; in fact, consent simply signifies the “meeting of minds” and has forever been one of the core principles of contract law. However, recent times have witnessed unsettling discussions surrounding ‘consent’ spanning across divergent areas of the socio-legal spectrum. In this blog post our focus is however limited to ‘consent’ in the paradigm of EU data protection law. 

The GDPR has been in force for five months. While most publications focus on the (hefty) sanction regime, the GDPR is mainly about accountability. It provides data subjects with rights to take control over their own personal data and obliges organisations to facilitate these rights. It also requires organisations to have much more insight into their own data processing activities. This is primarily reflected in three documentation obligations: for processing activities, for data protection impact assessments and for data breaches.

Over the past year, we have been working on improving the Link personal data and data sources function. It took us more time than we hoped for, because it appeared hard to make the user interaction really simple. From early November, we will make available the new Group editor. This enhances current functionality in order to give more freedom of expression and greatly facilitates the actual grouping activity.

Before conducting an international data transfer, organisations need to check the GDPR very carefully. International data transfers should not only be compliant with Chapter 5 but also with all other requirements of the GDPR (following from Article 44 GDPR). Also, in order to transfer personal data outside the EU, organisations need to follow the layered approach of the European Data Protection Board.