Home

To protect the rights of the data subjects it is crucial to determine the controller and processors for data processing activity, as these individuals or teams can be held accountable for activities regarding difference stages of data management. Considering the complex business structures in today’s world, the legal obligations attached to these two roles can be misinterpreted. Although controller and processor roles seem similar at first, they in fact have distinct features and distinct legal obligations and each can be aided by the use of effective GDPR compliance software.

Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to notice that notifications might be to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach).

With the rapidly growing impact of technology on our personal lives, implementing proper data protection policies gained relevance. Many businesses have already started to initiating a data protection framework within their organisation to improve what we might very well call a ‘data protection culture’. In order to do so, one of the best practices is to appoint a GDPR data protection officer (DPO).

A debate has been going on for quite some years now about the question whether dynamic IP addresses constitute personal data in the sense of European data protection legislation. An IP address is the logical address of a node on the internet (be it a computer, a network device or a mobile device).

Given the limited number of available IP addresses available under the 'old' but still widely used IPv4 standard, often a single address is allocated to different devices over time.