The EU’s General Data Protection Regulation (GDPR) is one step in the crusade to strengthen citizens’ fundamental rights in the digital age. Therefore, it’s essential for companies to abide by GDPR when handling EU and EEA citizens’ private data. Failure to do so results in severe ramifications.
Data protection is already confusing, compounded by the fact that regulators constantly play a game of catch up with emerging technologies.
When it comes to newly introduced regulations, lawmakers gave organizations time to transition into the new norms. Unfortunately, that transition time is up; the maximum fine for GDPR non-compliance has already been issued to many European multi-nationals. However, SMEs are not hidden from the gaze of the regulator.
What separates the General Data Protection Regulation (GDPR) from its predecessors is its ability to recognize how the data landscape has changed over the past two decades. One way the regulation has accomplished that is by combining privacy protection with modern-day data processing techniques. And it has done so primarily through its recognition of special categories of data. The GDPR Special Categories of Data is a subsection of personal data that regulators have deemed as extra sensitive. This subsection of personal data requires additional security measures that ensure the privacy of the subject being processed.
Finding yourself in the middle of a data subject access request (DSAR) and unprepared can be pretty jarring. Most businesses aren’t even GDPR compliant and will not know how to handle a DSAR.
There is a special feeling when launching a new project. It is exciting, a little nerve-racking, but always bursting with potential.
Your company might be going through a similar process and feeling. But you might be unsure about the privacy implications. You might wonder, is a DPIA required under GDPR?
Let’s set the stage. It’s 5 pm at the end of a workday; you’re ready to clock off when all of a sudden you get a ping on your phone advising you of a potential security event… what next?
The first thing: do not panic. Ascertain what the event was about, and if there is evidence of a breach, act.
The GDPR data breach reporting timeline gives your organization 72 hours to report a data breach to the relevant supervisory authority.
Issuing a sell-by-date on food products protects consumer health. Issuing a data deletion policy protects consumers’ privacy.
Many businesses are asking: how long can you store data under GDPR? Like the regulation regarding sell-by-dates, EU regulators have stated that the personal data you hold must have a shelf-life.
Data protection authorities have been cracking down on GDPR breaches, and experts are not exempt from regulators’ gaze.
Reaching a level of “privacy by design and default” does not have to be an uphill battle for your organization. By implementing the tools and outlined by the GDPR, ascending to higher levels of data protection becomes achievable.