Tag: Regulation

  • 5 steps to designing your Data Processing Activities inventory

    Following my last post on a few things to consider when going through the exercise of creating your GDPR data processing inventories, I realised that there is much more that can be said on this particular topic. As such, in this post I would like to provide more specific information as to the best practices…

  • Brexit and its effect on EU companies – A GDPR perspective

    A short, straight to the point summary of the current status and GDPR implications.

  • What is a personal data breach?

    When we hear about a breach, we tend to imagine a huge scandalous data breach of massive proportions where all the data gets leaked to some malicious criminal entity on the internet. Whilst that may at times be the case, it is not the only scenario where an incident could be considered a breach. What…

  • GDPR titbits series: Events, photos & marketing

    It’s been a while since the last post; after the enforcement deadline of GDPR and all the additional work that brought with it, I took a much-needed break. Nothing lasts forever though, so here we are again. In this post we’ll be exploring a scenario where an organisation is either organising or attending an…

  • GDPR titbits series: A comparison between the right to Erasure & restriction of processing.

    Articles 17 and 18 of the GDPR constitute the Right to Erasure (more popularly known as the right to be forgotten) and the Right to restriction of processing. So when does one request/action one or the other? What are the differences? Let’s start with a brief understanding of these articles, simply from a…

  • GDPR titbits series: Some definitions

    With GDPR round the corner, everyone is asking questions and bandying a lot of terms around. However, I’ve noticed that a number of times we’re not really clear on what those terms actually mean or signify. This is why for this post, I’ve picked up some keywords from GDPR and went after their definitions. …

  • GDPR titbits series: Heralding the rise of cold calling

    Over the years we have seen a decrease in the amount of marketing calls we receive, thanks to email. E-mail is free, easily accessible, you can put more information and you can get really fancy, making it a great marketing tool as well as more cost effective and efficient operationally speaking. However the GDPR and ePrivacy…

  • GDPR titbits series: We are all controllers

    A perspective on Human Resources for GDPR. I’m usually very biased on providing input related to GDPR which is usually targeted towards software companies, however I recently came across some questions which are relevant for every company. More specifically relevant for the Human resources department (HR). Below is a subset of data that the majority…

  • GDPR titbits series: The real threat

    This post will not provide you with any solutions, instead it will raise some questions which might keep you up at night. By now if you’ve been following my posts you’ve heard about GDPR and know more or less what it is. We’ve discussed the rights of the citizen and some of the main topics.…

  • GDPR titbits series: Data Processing Impact Assessment (DPIA)

    I’ve come across a situation where companies were being sold expensive consultancy services on the pretext that if they have a Data Processing Impact Assessment (DPIA) then they are compliant. I don’t even know where to start explaining on how many levels that is wrong.   DPIA is not required by everyone. It does not…

  • 10 steps to creating a Data Retention policy

    A data retention and deletion policy has always been considered as good practice, especially in IT circles. The main reason historically was cost related as when a company grows and the amount of data being stored starts to accumulate, storage becomes expensive. This need is however now growing stronger and becoming a priority for businesses…

  • Security: A clean desk policy

    This week’s instalment tackles a specific security policy which is neither costly nor technical. The topic dawned on me when I was writing up the conclusion for last week’s post which is part of the GDPR & ePrivacy titbits series on Security. As you might have gathered from the title, this post will tackle the…

  • GDPR & ePrivacy titbits series: Security layers

    We have explained consent, tracking and auditing of consent, as well as the right to be forgotten (briefly of course). However there is more. Apart from the obvious topics, there are underlying concerns such as security of data, i.e. ensuring that all personal data is protected and secured. The only issue here is that the…

  • GDPR & ePrivacy titbits series: Right to be forgotten

    So here it is, finally as a data subject I have the right to not only deactivate my account but also ask for my data to be deleted/removed from their systems. What is really happening? No one will be deleting any data for various reasons but mostly for the purpose of data integrity, statistics and…

  • GDPR & ePrivacy titbits series: Consent (part 2)

    In the last post I mentioned that within any registration form you should separate the request for consent related to processing of data from the request for consent relating to direct marketing. Here’s why… Basically the regulation states that the data subject has every right to withdraw their consent at any point in time…

  • GDPR & ePrivacy titbits series: Consent (part 1)

    I started writing this post and got into so much detail and conditions that rather than a titbit it was becoming an essay. So here goes to a simpler version in what will turn out to be multiple instalments…   If you’re storing any form of personal data I’m going to assume that you’re collecting…

  • Welcome to the GDPR & ePrivacy titbits series
