Posts tagged [gdpr principles]


  • GDPR enforcement begins – fines from the ICO and CNIL

    So it’s begun. The GDPR has been in effect for more than a month. While that’s not really enough time to be able to gather meaningful data on what’s being done, we can certainly gain some insight and learn a bit from actions being taken by supervisory authorities like the UK’s Information Commissioner’s Office (ICO), France’s National Commission on Informatics and Liberty (CNIL) and the Austrian Data Protection Authority (DSB).

  • When a DPIA is necessary – the Irish perspective

    Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).

  • It’s begun. The first GDPR complaints.

    So it didn’t take long for Max Schrems to use the GDPR to file his first complaint. For those of you who don’t know Max Schrems, he’s the privacy lawyer who successfully challenged Facebook Ireland to prohibit the transfer of data from Ireland to the US.

  • Why businesses should stop complaining about GDPR compliance

    Organisations in Europe and beyond are gearing up to become GDPR compliant, but many are doing so begrudgingly when in fact the exercise should be looked at in a positive light.

    The GDPR provides organisations with an opportunity to develop a new philosophy about data governance. It’s a development that will protect your and my personal information from misuse and abuse.

  • GDPR is a marathon not a sprint

    With all the hype about May 25, many organisations are seeing the date as a GDPR deadline. But it’s not. The implementation date is the starting line for ongoing compliance with the EU’s new data privacy regulation. From this date forward, organisations are expected to be able to show they have systems in place that will continue to meet GDPR compliance

  • Using Data Protection Impact Assessments to assess risky processing activities

    If you're in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.

  • Not started with the GDPR? No GDPR compliance plan? GDPR365 to the rescue!

    You must know about the GDPR by now. The European Union’s new General Data Protection Regulation. And that organisations have to become compliant with it by May 2018 or expose themselves to the risk of hefty fines.

    Recent research by multinational software corporation CA Technologies indicates that, with little more than six months until the GDPR comes into force, fewer than half of all organisations have a compliance programme in place.

  • Core principles of the GDPR

    Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it.

    The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law.

    Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.
