Blog

Content available in English.

Under the GDPR, a personal data breach has to be notified to the relevant supervisory authority in most circumstances, most notably when there is a risk for the rights and freedoms of the data subject because of the occurrence of the breach.  What is a breach, and which supervisory authority does it have to be notified to? In this blog post, we briefly discuss the answers to these questions.

The GDPR is effective since the 25th May 2018. To get a head start in understanding what this new Europe-wide privacy law is about, let us explain the nine basic concepts and how they fit together.

With the GDPR fully enforceable, more and more questions arise regarding the scope of article 30 GDPR. As you might already know, article 30 GDPR imposes the obligation to maintain records of processing activities by both controllers and processors. In this blog post, we will address if and how small and medium-sized enterprises (SMEs) can comply with article 30 GDPR.

Assume that you just found yourself with a supposedly complete article 30 GDPR register of your processing activities. You did the meticulous work of inventorying the activities, their purposes, the data subject categories and categories of personal data involved, and all the other information required by the article. You sigh deeply and sit back for a moment. Are you ready now?

The short answer to the question whether there is a software solution for GDPR compliance is: no. From a privacy compliance software provider this may come as a surprise. However, PrivacyPerfect is not the kind of provider that believes in magic. Becoming GDPR compliant is mostly hard work. The more comprehensive answer to the above question is: no, there is not a single software product that will automatically ensure you comply with GDPR without any further effort.

On May 25th the General Data Protection Regulation (GDPR) is fully enforceable. The new legislative package replaces the current Directive 95/46 (‘The Data Protection Directive’) and sets new European rules regarding data protection. Amongst others things, the package sets stringent rules regarding accountability for data controllers and data processors. As May 25th is rapidly approaching, now is the time to get your organisation to understand the General Data Protection Regulation.

  1. The key to insight is overview. Therefore, start with making an inventory of all your processing activities. It might be an investment in time and money, but it’s the magic trick for compliance. Want a little help? Download our whitepaper on data mapping.

 Since May 25th the General Data Protection Regulation (GDPR) has been fully enforceable. The new legislative package has replaced the former Directive 95/46 (‘The Data Protection Directive’) and imposed new European rules regarding data protection. Amongst other things, the GDPR sets stringent penalties for non-compliance with the new rules.

Our colleagues from PrivacyPerfect will be in Brussels from 23rd to 26th of January attending two important events about GDPR. Come by and say hello!

The data breach module is live!

This module enables your organisation to keep the obligatory register of personal data breaches under articles 33 section 5 of the GDPR.

We try to keep the administration of breaches as simple as possible. In the unfortunate event of a breach, you can reuse information kept in the register of processing activities that your organisation should already have in place under article 30 of the GDPR.

Do you want to know more? Make sure and contact us!

 

Pages