-
GDPR made Simple
One year on from the enforcement of GDPR I was invited to give a talk by APS Bank on the topic. Whilst due to new priorities, I have less time to dedicate to this blog, I thought to share the presentation below. The talk was targeted at citizens and employees to ensure they not only…
-
5 steps to designing your Data Processing Activities inventory
Following my last post on a few things to consider when going through the exercise of creating your GDPR data processing inventories, I realised that there is much more that can be said on this particular topic. As such in this post, I would like to provide more specific information, as to the best practices…
-
Data Processing Inventories – A few tips to get you through it.
Preamble Under GDPR most business have an obligation to keep an inventory of their data processing activities in relation to personal data. This is no mean feat and it is more onerous than it looks at face value. Trust me, I know, I’ve been through it. In this post I will share my experience, best…
-
Brexit and it’s affect on EU companies – A GDPR perspective
A short, straight to the point summary of the current status and GDPR implications.
-
What is a personal data breach?
When we hear about a breach, we tend to imagine a huge scandalous data breach of massive proportions where all the data gets leaked to some malicious criminal entity on the internet. Whilst that may at times be the case, it is not the only scenario where an incident could be considered a breach. What…
-
GDPR titbits series: Events, photos & marketing
It’s been a while since the last post; After the enforcement deadline of GDPR and all the additional work that brought with it, I took a much needed break. Nothing lasts forever though so here we are again. In this post we’ll be exploring a scenario were an organisation is either organising or attending an…
-
GDPR titbits series: Data Processing Officer (DPO) Job Description
Introduction The GDPR under Article 37 requires organizations to appoint a Data Processing Officer (DPO) in 3 specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data…
-
GDPR titbits series: In the shoes of the Processor – A Question
Preamble I’ve felt a bit uninspired these past few weeks, and simply got writer’s block from being too immersed in the subject. I’ve been working non-stop on GDPR projects and somehow I didn’t feel I could get myself to write another interesting or useful post about the subject. Everything seemed quite recycled, already tackled. This…
-
GDPR titbits series: A comparison between the right to Erasure & restriction of processing.
Article 17 and 18 of the GDPR constitute of the Right to Erasure (more popularly known as the right to be forgotten) and the Right to restriction of processing. So when does one request/action one or the other? What are the differences? Let’s start with a brief understanding of these articles, simply from a…
-
GDPR titbits series: Some defintions
With GDPR round the corner, everyone is asking questions and bandying a lot of terms around. However I’ve noticed that a number of times we’re not really clear on what those terms actually mean or signify. This is why for this post, I’ve picked up some keywords from GDPR and went after their definitions. …
-
GDPR rights of the citizen using practical examples
This post came to be through a request whereas people are asking; What do my rights as a citizen under GDPR really mean in day to day life? Hence this post will present you with practical examples of scenarios where the average citizen could benefit from the regulations imposed by GDPR. You can consider this…
-
GDPR titbits series: Protect the system administrator
GDPR has forced us to look into the various layers of security applied around businesses. Classify our data and ensure there are sufficient mechanisms in place to protect it. There are however a group of select people who will always have access to most of, if not all of the data within a company. The…
-
GDPR titbits series: Heralding the rise of cold calling
Over the years we have seen a decrease in the amount of marketing calls we receive, thanks to email. E-mail is free, easily accessible, you can put more information and you can get really fancy, making it a great marketing tool as well as more cost effective and efficient operationally speaking. However the GDPR and ePrivacy…
-
GDPR titbits series: We are all controllers
A perspective on Human Resources for GDPR. I’m usually very biased on providing input related to GDPR which is usually targeted towards software companies, however I recently came across some questions which are relevant for every company. More specifically relevant for the Human resources department (HR). Below is a subset of data that the majority…
-
GDPR titbits series: The real threat
This post will not provide you with any solutions, instead it will raise some questions which might keep you up at night. By now if you’ve been following my posts you’ve heard about GDPR and know more or less what it is. We’ve discussed the rights of the citizen and some of the main topics.…
-
GDPR titbits series: Data Processing Impact Assessment (DPIA)
I’ve come across a situation where companies were being sold expensive consultancy services on the pretext that if they have a Data Processing Impact Assessment (DPIA) then they are compliant. I don’t even know where to start explaining on how many levels that is wrong. DPIA is not required by everyone. It does not…
-
What does GDPR mean for regular citizens?
Are EU Citizens impacted by GDPR? The answer is Yes we are, positively I might add. Whilst GDPR compliance is becoming a headache for companies and businesses, for us as citizens the impact is positive. The main aim of GDPR is indeed to protect the citizen and to provide them with rights over their personal…
-
10 steps to creating a Data Retention policy
A data retention and deletion policy has always been considered as good practice, especially in IT circles. The main reason historically was cost related as when a company grows and the amount of data being stored starts to accumulate, storage becomes expensive. This need is however now growing stronger and becoming a priority for businesses…
-
Security: A clean desk policy
This weeks’ instalment tackles a specific security policy which is neither costly nor technical. The topic dawned on me when I was writing up the conclusion for last week’s post which is part of the GDPR & ePrivacy titbits series on Security. As you might have gathered from the title, this post will tackle the…
-
GDPR & ePrivacy titbits series: Security layers
We have explained consent, tracking and auditing of consent, as well as the right to be forgotten (briefly of course). However there is more. Apart from the obvious topics, there are underlying concerns such as security of data, i.e. ensuring that all personal data is protected and secured. The only issue here is that the…
-
GDPR & ePrivacy titbits series: Right to be forgotten
So here it is, finally as a data subject I have the right to not only deactivate my account but also ask for my data to be deleted/removed from their systems. What is really happening? No one will be deleting any data for various reasons but mostly for the purpose of data integrity, statistics and…
-
GDPR & ePrivacy titbits series: Consent (part 2)
In the last post I mentioned that within any registration forms you should separate the request for consent related to processing of data from the request for consent relating to direct marketing. Here’s why… Basically the regulation states that the data subject has every right to withdraw their consent at any point in time…
-
GDPR & ePrivacy titbits series: Consent (part 1)
I started writing this post and got into so much detail and conditions that rather than a titbit it was becoming an essay. So here goes to a simpler version in what will turn out to be multiple instalments… If you’re storing any form of personal data I’m going to assume that you’re collecting…
-
Welcome to the GDPR & ePrivacy titbits series