Blog

Impact assessments are essentially risk management tools, whether they are concerned with the environment, society, business, or personal data. In the case of personal data, Article 35 of the GDPR requires controllers to conduct a data protection impact assessment (“DPIA”) prior to undertaking processing activities that are likely to pose a high risk to the rights and freedoms of natural persons. This is essentially a holistic risk assessment taking into account the nature, scope, context and purposes of the processing.

No matter what sector your business is in, how large or small an organisation you are, or whether your products and services are B2C or B2B, today, with increasing consumption occurring online, it is imperative that your online marketing strategy is relevant, up-to-date and effective. 

Do you sometimes feel that the internet works like magic? Do certain incidents seem inexplicable to you, such as getting flooded with advertisements about products you may have idly surfed days ago? Whether you are a technical genius or technologically challenged, if you spend any of your time online, you have probably seen pop-up screens that require you to agree to the use of something called “Cookies”. Do you carelessly agree to the use of cookies, or do you take time to read the Cookie policy?

The concept of ‘consent’ should be a fairly self-explanatory one. It is not a unique idea; in fact, consent simply signifies the “meeting of minds” and has forever been one of the core principles of contract law. However, recent times have witnessed unsettling discussions surrounding ‘consent’ spanning divergent areas of the socio-legal spectrum. In this blog post, our focus is limited to ‘consent’ in the paradigm of EU data protection law.

The GDPR has been in force for five months. While most publications focus on the (hefty) sanction regime, the GDPR is mainly about accountability. It provides data subjects with rights to take control over their own personal data and obliges organisations to facilitate these rights. It also requires organisations to have much more insight into their own data processing activities. This is primarily reflected in three documentation obligations: for processing activities, for data protection impact assessments and for data breaches.

Over the past year, we have been working on improving the Link personal data and data sources function. It took us more time than we hoped for, because it appeared hard to make the user interaction really simple. From early November, we will make available the new Group editor. This enhances current functionality in order to give more freedom of expression and greatly facilitates the actual grouping activity.

Before conducting an international data transfer, organisations need to check the GDPR very carefully. International data transfers should not only be compliant with Chapter 5 but also with all other requirements of the GDPR (following from Article 44 GDPR). Also, in order to transfer personal data outside the EU, organisations need to follow the layered approach of the European Data Protection Board.

The European Economic Area (EEA) is the combination of the European Union (EU) and European Free Trade Association (EFTA) states, except for Switzerland. The EEA has now incorporated the GDPR into the EEA agreement. This was done by an EEA Joint Committee Decision dated 6th July 2018, which came into force on 20th July 2018.

The GDPR imposes many rights and obligations on organisations that require software support. Any software supplier will have to make decisions on how to interpret the GDPR and where GDPR compliance software or data processing is needed. Because of the countless vague concepts in the Regulation, suppliers will have different interpretations, which of course can lead to a variety of outcomes within the software.

The fines usually attract the most attention when discussing the GDPR. Four percent of your worldwide annual turnover sounds scary - and ‘fear, uncertainty and doubt’ sell. But when we focus on the main risk of being noncompliant with the new privacy regulation, then the logical conclusion is that your reputation is what is at stake. So, how can you safeguard your organisation’s reputation in the field of personal data protection?
