Posts tagged [gdpr compliance]


  • When a DPIA is necessary – the Irish perspective

    Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).

  • It’s begun. The first GDPR complaints.

    So it didn’t take long for Max Schrems to use the GDPR to file his first complaint. For those of you who don’t know Max Schrems, he’s the privacy lawyer who successfully challenged Facebook Ireland to prohibit the transfer of data from Ireland to the US.

  • ICO provides guidance and awareness resources as deadline looms

    With the GDPR and the UK data protection law coming into effect in less than 10 days, I thought it was important to reflect both on Elizabeth Denham’s recent speech at the IAPP and on the Regulatory Action Policy that was released by the Information Commissioner’s Office on May 4.

  • Why businesses should stop complaining about GDPR compliance

    Organisations in Europe and beyond are gearing up to become GDPR compliant, but many are doing so begrudgingly when in fact the exercise should be looked at in a positive light.

    The GDPR provides organisations with an opportunity to develop a new philosophy about data governance. It’s a development that will protect your and my personal information from misuse and abuse.

  • Demonstrate compliance with your records of processing activities report

    The GDPR is clear:

    In order to demonstrate compliance with this regulation, the controller and processor should maintain records of processing activities under its responsibility. Each controller and processor should be obliged to cooperate with the supervisory authority and make those records, on request, available to it, so that it might serve for monitoring those processing operations.

  • Yes, the GDPR is a good thing for your business

    There’s been a lot of FUD around the GDPR – Fear about what it’s going to cost to become compliant and what it’ll cost you in fines if you don’t, Uncertainty about how it applies to your particular organisation and how to go about becoming compliant, and Doubt about whether, after all this expense and trouble, it’s going to be of any benefit to your business.

  • GDPR is a marathon not a sprint

    With all the hype about May 25, many organisations are seeing the date as a GDPR deadline. But it’s not. The implementation date is the starting line for ongoing compliance with the EU’s new data privacy regulation. From this date forward, organisations are expected to be able to show they have systems in place that will continue to meet GDPR compliance.

  • Using Data Protection Impact Assessments to assess risky processing activities

    If you're in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.

  • What does Uber’s breach tell us about the GDPR and data security?

    It’s crime enough that hackers stole from Uber the personal information of millions of drivers and passengers, but concealing the breach, as Uber did for more than a year, would also be a serious transgression of the law under the European Union’s new General Data Protection Regulation (GDPR) which comes into effect in May 2018.

  • Not started with the GDPR? No GDPR compliance plan? GDPR365 to the rescue!

    You must know about the GDPR by now: the European Union’s new General Data Protection Regulation, and that organisations have to become compliant with it by May 2018 or expose themselves to the risk of hefty fines.

    Recent research by multinational software corporation CA Technologies indicates that, with little more than six months until the GDPR comes into force, less than half of all organisations have a compliance programme in place.

  • Breach and loss going up. Next stop GDPR

    Data breaches have been striking businesses worldwide, with the most alarming incidents occurring over the past two years and many more not even being reported.

  • Seven months till the GDPR and most UK businesses haven’t even begun to plan

    A shock is coming to UK businesses who haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it.

  • Finalised GDPR Data Protection Impact Assessment (DPIA) guidelines released by WP29

    A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.

    It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.

  • Data mapping and compliance with GDPR Article 30

    Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through an organisation.

  • GDPR: Who’s most at risk and what’s the risk?

    Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its users and non-users. This infringement of data privacy is the second in a matter of months, following a 150 000 fine from the French privacy regulators for a violation along similar lines.

  • Irish court asks for review on data transfers

    In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States.

    Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, WhatsApp and Booking.com.

  • GDPR365 announces strategic partnership with international data management experts, Redstor

    In anticipation of the EU’s General Data Protection Regulation (GDPR), which will come into effect in May 2018, Redstor has partnered with compliance specialists GDPR365 to offer their clients a cloud-based software tool that will enable initial and ongoing compliance with the new data protection law.

    Every organisation – inside or outside the EU – that processes personal information belonging to individuals in the EU will need to comply with the GDPR. The regulation has been developed primarily to strengthen the rights of individuals and, as a result, sets new data privacy and protection standards for organisations doing business with Europe.

  • Equifax hack makes you ask: are US organisations ready for the GDPR?

    On 7 September The Washington Post reported that a security breach at Equifax, a US credit rating bureau, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. Apparently, the breach was due to an 11-year-old website application flaw that compromised the personal information of not only Americans but also British and Canadian consumers.

    Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.

  • Irish guidance on DPOs

    Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data.

    You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one?

    The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have.

    To this end, the Irish Data Protection Commissioner released guidance on what it sees as appropriate qualifications.

  • The GDPR will become law in the UK

    On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018.

    So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture, Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.

  • Core principles of the GDPR

    Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it.

    The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law.

    Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.