Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to note that notifications might be addressed to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach).

With the rapidly growing impact of technology on our personal lives, implementing proper data protection policies has gained relevance. Many businesses have already started initiating a data protection framework within their organisation to improve what we might very well call a ‘data protection culture’. In order to do so, one of the best practices is to appoint a GDPR data protection officer (DPO).

A debate has been going on for quite some years now about whether dynamic IP addresses constitute personal data in the sense of European data protection legislation. An IP address is the logical address of a node on the internet (be it a computer, a network device or a mobile device).

Given the limited number of IP addresses available under the 'old' but still widely used IPv4 standard, a single address is often allocated to different devices over time.

The GDPR is the subject of a lot of speculation and ‘fake news’ these days, and therefore we would like to present seven major myths about the GDPR that are just that: myths. Participate in GDPR discussions with more knowledge about what the GDPR is not about – you can read it in this blog post.

The General Data Protection Regulation (GDPR) aims to harmonise the data protection laws of the Member States. In fact, since coming into full Regulation, it has a binding effect on the entire European Union and it prevails over national data protection laws.

Under the GDPR, a personal data breach has to be notified to the relevant supervisory authority in most circumstances, most notably when the breach poses a risk to the rights and freedoms of the data subject. What is a breach, and which supervisory authority does it have to be notified to? In this blog post, we briefly discuss the answers to these questions.

The GDPR finally becomes effective on 25th May. To get a head start in understanding what this new Europe-wide privacy law is about, let us explain the nine basic concepts and how they fit together.

With the GDPR fully enforceable, more and more questions arise regarding the scope of article 30 GDPR. As you might already know, article 30 GDPR imposes the obligation to maintain records of processing activities on both controllers and processors. In this blog post, we will address whether and how small and medium-sized enterprises can comply with article 30 GDPR.

Assume that you just found yourself with a supposedly complete article 30 GDPR register of your processing activities. You did the meticulous work of inventorying the activities, their purposes, the data subject categories and categories of personal data involved, and all the other information required by the article. You sigh deeply and sit back for a moment. Are you ready now?

The short answer to the question whether there is a software solution for GDPR compliance is: no. Coming from a privacy compliance software provider, this may be a surprise. However, PrivacyPerfect is not the kind of provider that believes in magic. Becoming GDPR compliant is mostly hard work. The more comprehensive answer to the above question is: no, there is not a single software product that will automatically ensure you comply with GDPR without any further effort.