Delve into GDPR compliance essentials—from lawful processing and data subject rights to cross-border transfers and regulatory updates. Stay informed with practical guides and expert insights to enhance your EU-focused data privacy strategy.
Finding yourself in the middle of a data subject access request (DSAR) and unprepared can be pretty jarring. Most businesses aren’t even GDPR compliant and will not know how to handle a DSAR.
There is a special feeling when launching a new project. It is exciting, a little nerve-racking, but always bursting with potential.
Your company might be going through a similar process and feeling. But you might be unsure about the privacy implications. You might wonder, is a DPIA required under GDPR?
Let’s set the stage. It’s 5 pm at the end of a workday; you’re ready to clock off when all of a sudden you get a ping on your phone advising you of a potential security event… what next?
The first thing: do not panic. Ascertain what the event was about, and if there is evidence of a breach, act.
The GDPR data breach reporting timeline gives your organization 72 hours to report a data breach to the relevant supervisory authority.
Issuing a sell-by-date on food products protects consumer health. Issuing a data deletion policy protects consumers’ privacy.
Many businesses are asking: how long can you store data under GDPR? Like the regulation regarding sell-by-dates, EU regulators have stated that the personal data you hold must have a shelf-life.
Data protection authorities have been cracking down on GDPR breaches, and experts are not exempt from regulators’ gaze.
Reaching a level of “privacy by design and default” does not have to be an uphill battle for your organization. By implementing the tools and outlined by the GDPR, ascending to higher levels of data protection becomes achievable.
With record-breaking GDPR fines and penalties reaching 50 million euros, it might be time to revise your GDPR compliance strategy.
Canada’s PIPEDA vs. EU’s GDPR: what are they, and why should companies heed then?
Simply put, they are in place to protect consumers’ privacy. The laws are so similar that the EU has decided that the practices in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) are ‘adequate’ by their standards.
While the EU may agree with Canada’s privacy policies, it does not mean that if a U.S. company is compliant with one, it automatically meets the requirements of the other. The General Data Protection Regulation (GDPR) and PIPEDA do have some differences, and if your company does business in Canada and Europe it must be compliant with both.
The EU US Privacy Shield is the latest in data protection frameworks to manifest since the implementation of the GDPR. In an agreement between Europe and the United States, to foster positive transatlantic trade, the framework has been developed to facilitate the easier transfer of personal data from the EU to the US.
When thinking about whether your company would benefit from Privacy Shield certification the most important question to answer is: is my company under the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transport (DOT)? If the answer is yes, then the Privacy Shield could be of real benefit to your organization when dealing with the transatlantic transfer of personal data from the European Union to the U.S.