GDPR365


  • GDPR365 to introduce multiple languages

    GDPR365’s popularity has generated widespread interest along with calls for languages other than English. We’re happy to announce that the base version is fully prepared for the impending rollout of the Dutch version. This will be followed by German, Spanish and French.

  • GDPR enforcement begins – fines from the ICO and CNIL

    So it’s begun. The GDPR has been in effect for more than a month. While that’s not really enough time to be able to gather meaningful data on what’s being done, we can certainly gain some insight and learn a bit from actions being taken by supervisory authorities like the UK’s Information Commissioner’s Office (ICO), France’s National Commission on Informatics and Liberty (CNIL) and the Austrian Data Protection Authority (DSB).

  • How the European Data Protection Board will help the GDPR

    It’s been about a month since the GDPR came into effect and time to start considering what our new data protection landscape looks like.

  • Reselling GDPR compliance services

    (This post has been updated on the 26th of June)

    The GDPR is already in play and with the new regulation comes an opportunity for you to build a recurring revenue model by offering GDPR365 to your client base.

  • When a DPIA is necessary – the Irish perspective

    Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).

  • It’s begun. The first GDPR complaints.

    So it didn’t take long for Max Schrems to use the GDPR to file his first complaint. For those of you who don’t know Max Schrems, he’s the privacy lawyer who successfully challenged Facebook Ireland to prohibit the transfer of data from Ireland to the US.

  • ICO provides guidance and awareness resources as deadline looms

    With the GDPR and the UK data protection law coming into effect in less than 10 days I thought it was important to reflect both on Elisabeth Denham’s recent speech at the IAPP and the Regulatory Action Policy that was released by the Information Commissioner’s Office on May 4.

  • Reselling GDPR compliance services

    The GDPR will be coming into play later this month, and with the new regulation comes an opportunity for you to build a recurring revenue model by offering GDPR365 to your client base.

     

  • Why businesses should stop complaining about GDPR compliance

    Organisations in Europe and beyond are gearing up to become GDPR compliant, but many are doing so begrudgingly when in fact the exercise should be looked at in a positive light.

    The GDPR provides organisations with an opportunity to develop a new philosophy about data governance. It’s a development that will protect your and my personal information from misuse and abuse.

  • Demonstrate compliance with your records of processing activities report

    The GDPR is clear

    In order to demonstrate compliance with this regulation, the controller and processor should maintain records of processing activities under its responsibility. Each controller and processor should be obliged to cooperate with the supervisory authority and make those records, on request, available to it, so that it might serve for monitoring those processing operations.

  • Yes, the GDPR is a good thing for your business

    There’s been a lot of FUD around the GDPR – Fear about what it’s going to cost to become compliant and what it’ll cost you in fines if you don’t, Uncertainty about how it applies to your particular organisation and how to go about becoming compliant, and Doubt about whether, after all this expense and trouble, it’s going to be of any benefit to your business.

  • GDPR365 & ICAEW Webinar

    A GDPR365 presentation for the Institute of Chartered Accountants of England and Wales that showcases how this thorough GDPR compliance management tool assists companies to manage their GDPR compliance programmes.

     

  • Status of the GDPR across Europe

    The GDPR allows for EU member states to make some derogations (changes to how the data privacy law will be enforced) and as we get closer to the May 28 date of initial enforcement these changes are becoming clearer. Let’s look at some of the member states to see what they’re doing.

  • GDPR is a marathon not a sprint

    With all the hype about May 25, many organisations are seeing the date as a GDPR deadline. But it’s not. The implementation date is the starting line for ongoing compliance with the EU’s new data privacy regulation. From this date forward, organisations are expected to be able to show they have systems in place that will continue to meet GDPR compliance

  • It’s 2018! Have you started your GDPR preparations?

    2018 is the year the General Data Protection Regulation (GDPR) kicks in. But how many organisations will be ready by the May 25 deadline?

    According to a survey run by multinational cyber-security provider Kaspersky Lab, only half of SMEs in the UK and EU are even aware of the GDPR and only a quarter are ready for it; many more haven’t begun their preparations for compliance.

  • Using Data Protection Impact Assessments to assess risky processing activities

    If you're in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.

  • What does Uber’s breach tell us about the GDPR and data security?

    It’s crime enough that hackers stole from Uber the personal information of millions of drivers and passengers, but concealing the breach, as Uber did for more than a year, would also be a serious transgression of the law under the European Union’s new General Data Protection Regulation (GDPR) which comes into effect in May 2018.

  • Not started with the GDPR? No GDPR compliance plan? GDPR365 to the rescue!

    You must know about the GDPR by now. The European Union’s new General Data Protection Regulation. And that organisations have to become compliant with it by May 2018 or expose themselves to the risk of hefty fines.

    Recent research by multinational software corporation CA Technologies indicates that with little more than six months from the GDPR coming into force, less than half of all organisations have a compliance programme in place.

     

  • Breach and loss going up. Next stop GDPR

    Data breaches have been striking businesses worldwide, with the most alarming incidents occurring over the past two years and many more not even being reported. 

  • Seven months till the GDPR and most UK businesses haven’t even begun to plan

    A shock is coming to UK businesses who haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it. 

  • Finalised GDPR Data Protection Impact Assessment (DPIA) guidelines released by WP29

    A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.

    It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.

  • Data mapping and compliance with GDPR Article 30

    Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through an organisation.

  • Are schools ready for the GDPR?

    There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there?

    All schools, whether they’re private or public, need to comply with the GDPR. When the GDPR comes into play, schools will need to have their data protection programmes already operating. So where to begin?

     

  • Are schools ready for the GDPR?

    There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there?

  • GDPR : Who’s most at risk and what’s the risk?

    Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its users and non-users. This infringement of data privacy is the second in a matter of months, following a 150 000 fine from the French privacy regulators for a violation along similar lines.

  • Irish court asks for review on data transfers

    In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States.

    Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, WhatsApp and Booking.com.

  • Archive Or Delete - What Should You Do With Your Data?

    The volume of data you have on your computer system grows by the day. But do you need it all and how will you manage the storage of it as it increases? Since backing up has become vital to business continuity, you need to be smart about what you keep and what you don’t. Redstor looks at the question in their data management article: Archive or delete – What should you do with your data?

     

  • GDPR365 announces strategic partnership with international data management experts, Redstor

    In anticipation of the EU’s General Data Protection Regulation (GDPR), which will come into effect in May 2018, Redstor has partnered with compliance specialists GDPR365 to offer their clients a cloud-based software tool that will enable initial and ongoing compliance with the new data protection law.

    Every organisation – inside or outside the EU – that processes personal information belonging to individuals in the EU will need to comply with the GDPR. The regulation has been developed primarily to strengthen the rights of individuals and, as a result, sets new data privacy and protection standards for organisations doing business with Europe.

  • Equifax hack makes you ask: are US organisations ready for the GDPR?

    On 7 September The Washington Post reported that a security breach at Equifax, a US credit rating bureau, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. Apparently, the breach was due to an 11-year-old website application flaw that compromised the personal information of not only Americans, but British and Canadian consumers.

    Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.

  • Irish guidance on DPOs

    Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data.

    You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one?

    The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have.

    To this end, the Irish Data Protection Commissioner released guidance on what it sees as appropriate qualifications.

  • THE GDPR will become law in the UK

    On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018.

    So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture, Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.

  • Core principles of the GDPR

    Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it.

    The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law.

    Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.

  • What is a DPO?

    DPO is an acronym for Data Protection Officer. A DPO is a person who is given formal responsibility for data protection compliance within an organisation.

    Under the EU’s General Data Protection Regulation (GDPR), some organisations will be required to appoint a DPO. When a DPO is appointed, the GDPR prescribes a framework around the roles and responsibilities of the DPO. But it is important to note that not all organisations will have to appoint DPOs and that the DPOs themselves will not personally be responsible for an organisation’s non-compliance with the GDPR. Data protection compliance is ultimately the responsibility of the controller or processor of the personal data.

      

  • Does GDPR apply to me?

    Yes, even if you’re not based in the European Union (EU) the General Data Protection Regulation (GDPR) applies to you.

    Really? Even if I’m not in the EU? Yes, it doesn’t matter whether you have a physical presence in the EU.

    The EU’s GDPR affects all countries and applies to any business or organisation that holds personal data on or provides goods or services to EU citizens or EU residents. 

    So, if you hold information about present or past employees, clients or suppliers who are EU citizens or EU residents you need to comply with the GDPR. Even if you don’t offer your product or service directly to consumers, but rather provide a service to an EU company that leads to you in some way processing personal data on EU citizens or residents, you’ll need to comply.

  • Status of the General Data Protection Regulation

    If you own or manage an organisation in the EU and are concerned about the imminent General Data Protection Regulation (GDPR), read on for an overview of what will be required of you to achieve compliance.

    The GDPR was approved by the EU Parliament on 14 April 2016 after four years of discussion and planning. The regulation sought to replace the Data Protection Directive of 1995 and to harmonise data protection regulations across the European Union.

  • How the GDPR will impact your business/organisation

    The General Data Protection Regulation (GDPR) has come about as a result of the digital age, which has resulted in a proliferation of easily accessible and shareable personal data.

    The regulation was adopted on 27 April 2016 with the intention that it will strengthen and unify data protection for all individuals in the European Union. When it becomes law on 25 May 2018 it will replace the current Data Protection Directive of 1995. 

    By harmonising data protection and privacy laws across the European Union, the GDPR will strengthen the rights of EU citizens and residents and give them control over their personal data. Businesses and organisations will have a single regulatory environment throughout the EU specifying how to collect, hold and process personal data.
