Home

Blog

Content available in English.

To protect the rights of the data subjects it is crucial to determine the controller and processors for data processing activity, as these individuals or teams can be held accountable for activities regarding difference stages of data management. Considering the complex business structures in today’s world, the legal obligations attached to these two roles can be misinterpreted. Although controller and processor roles seem similar at first, they in fact have distinct features and distinct legal obligations and each can be aided by the use of effective GDPR compliance software.

Although it has been almost two months since the GDPR’s launch across the EU, there are still organisations that have not started working towards compliance with the new law. These are mostly small and medium enterprises (SMEs) that believe they are immune to the GDPR and the potential fines imposed as a result of data breaches. Of course, they are not. 
 

Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to notice that notifications might be to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach).

With the rapidly growing impact of technology on our personal lives, implementing proper data protection policies gained relevance. Many businesses have already started to initiating a data protection framework within their organisation to improve what we might very well call a ‘data protection culture’. In order to do so, one of the best practices is to appoint a GDPR data protection officer (DPO).

A debate has been going on for quite some years now about the question whether dynamic IP addresses constitute personal data in the sense of European data protection legislation. An IP address is the logical address of a node on the internet (be it a computer, a network device or a mobile device).

Given the limited number of available IP addresses available under the 'old' but still widely used IPv4 standard, often a single address is allocated to different devices over time.

The GDPR is subject of a lot of speculation and ‘fake news’ these days, and therefore we would like to present seven major myths about the GDPR that are just that: myths. Participate in GDPR discussions with more knowledge about what GDPR is not about – you can read it in this blog post.

The General Data Protection Regulation (GDPR) aims to harmonise the data protection laws of the Member States. In fact, since coming into full Regulation, it has a binding effect on the entire European Union and it prevails over national data protection laws

Under the GDPR, a personal data breach has to be notified to the relevant supervisory authority in most circumstances, most notably when there is a risk for the rights and freedoms of the data subject because of the occurrence of the breach.  What is a breach, and which supervisory authority does it have to be notified to? In this blog post, we briefly discuss the answers to these questions.

The GDPR finally becomes effective on 25th May. To get a head start in understanding what this new Europe-wide privacy law is about, let us explain the nine basic concepts and how they fit together.

With the GDPR fully enforceable, more and more questions arise regarding the scope of article 30 GDPR. As you might already know, article 30 GDPR imposes the obligation to maintain records of processing activities by both controllers and processors. In this blog post, we will address if and how small and medium-sized enterprises can comply with article 30 GDPR.

Pages