Blog


The GDPR imposes many rights and obligations on organisations that require software support. Any software supplier will have to make decisions on how to interpret the GDPR and where GDPR compliance software or data processing is needed. Because of the countless vague concepts in the Regulation, suppliers will have different interpretations, which of course can lead to varied outcomes within the software.

The fines usually attract the most attention when discussing the GDPR. Four percent of your worldwide annual turnover sounds scary - and ‘fear, uncertainty and doubt’ sell. But when we focus on the main risk of being noncompliant with the new privacy regulation, then the logical conclusion is that your reputation is what is at stake. So, how can you safeguard your organisation’s reputation in the field of personal data protection?

International data transfers are unavoidable for most of the businesses and organisations in today’s digital world. The GDPR takes a balanced approach between the necessity of cross-border data flows for the purposes of international trade and the level of protection provided to natural persons. Although the Regulation allows the free flow of personal data between Member States, it restricts data transfers to countries outside the European Economic Area (EEA).

To protect the rights of the data subjects, it is crucial to determine the controller and processors for a data processing activity, as these individuals or teams can be held accountable for activities regarding different stages of data management. Considering the complex business structures in today’s world, the legal obligations attached to these two roles can be misinterpreted. Although controller and processor roles seem similar at first, they in fact have distinct features and distinct legal obligations, and each can be aided by the use of effective GDPR compliance software.

Although it has been almost two months since the GDPR’s launch across the EU, there are still organisations that have not started working towards compliance with the new law. These are mostly small and medium enterprises (SMEs) that believe they are immune to the GDPR and the potential fines imposed as a result of data breaches. Of course, they are not. 
 

Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to note that notifications might be to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach).

With the rapidly growing impact of technology on our personal lives, implementing proper data protection policies has gained relevance. Many businesses have already started initiating a data protection framework within their organisation to improve what we might very well call a ‘data protection culture’. In order to do so, one of the best practices is to appoint a GDPR data protection officer (DPO).

A debate has been going on for quite some years now about whether dynamic IP addresses constitute personal data in the sense of European data protection legislation. An IP address is the logical address of a node on the internet (be it a computer, a network device or a mobile device).

Given the limited number of IP addresses available under the 'old' but still widely used IPv4 standard, often a single address is allocated to different devices over time.

The GDPR is the subject of a lot of speculation and ‘fake news’ these days, and therefore we would like to present seven major myths about the GDPR that are just that: myths. Participate in GDPR discussions with more knowledge about what the GDPR is not about – you can read it in this blog post.

The General Data Protection Regulation (GDPR) aims to harmonise the data protection laws of the Member States. In fact, since coming into full Regulation, it has a binding effect on the entire European Union and it prevails over national data protection laws
