GDPR lays out some parameters describing who can be a DPO. In brief the DPO should be trained in data protection law while the level of expertise required is situational. Like much of this principled based legislation, it is worth looking at the primary texts to understand the concepts. DPO’s background The main texts to […]
The Data protection officers (DPO) is an unusual role, as it has some statutory functions and independence, yet still exists within an organisation’s line structure. GDPR did not introduce the concept of DPO. The practice of appointing a DPO has developed in several Member States over the years since Directive 95/46/EC3 in October 1995. However since the coming into force of GDPR appointing DPOs is now mandatory […]
Sometimes the division between Data Processors and Data Controllers is not simple. Where more than one entity has control in determining the processing requirements, there can be multiple Data Controllers. This situation can lead to “Joint Controllers” which needs to be managed carefully. To recap: the Data Controller determines the purposes for which and the manner in which personal data […]
The General Data Protection Regulation (2016/679), imposes clear requirements controlling the appointment of data processors by data controllers. One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018 all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, […]
Many people ask us how long they should store data for to be GDPR compliant. The very brief answer from the EU is: You must store data for the shortest time possible. This phrase “shortest possible”, while certainly punchy is sadly imprecise. This article attempts to shine some light on what it really means. Public accountability […]
The deadline on May 25th 2018 has passed, and even though the GDPR legislation has been public for well over a year, most businesses and organisations are only now beginning to realise that it actually applies to them too. The private sector is playing catch-up and brand-owners arriving late are grappling to get their heads […]
The data controllers carries primary responsibility, along with any data processors to protect the data subjects under GDPR. Businesses who sells IT equipment even if that equipment processes personally identifiable data have far less stringent obligations. However to remain competitive offering GDPR compliant features makes good business sense. This normally involves development in two areas […]
We have been told that big data usage will differentiate successful businesses from failures. That is probably true, but not only as “the new oil” driving innovation. Perhaps data is more like nuclear waste, it costs a fortune to store and when it leaks…..? The new oil arguments for using big data are well known: […]
General Data Protection Regulation or GDPR imposes new and arduous burdens on business and other organisations across Europe from May 2018. Behaviours will have to change and companies have to make sure they are ready for the deadline or face fines up to 20 M euro. This primer summarises some aspects of the GDPR which […]