internet of things

The Internet of Things in the Era of the GDPR

The Internet of Things (IoT) is rising together with other related technologies such as AI and Big Data. At the same time, we see new regulatory frameworks being imposed, such as the GDPR and the ePrivacy Regulation. Opinions are divided. There are those who say technologies such as IoT will make compliance to the GDPR almost impossible. At the other end of

Share
dpo

The DPO – Role, benefits and risks

The role of the Data Protection Officer, in short DPO, is discussed in Chapter IV, Section 4 of the GDPR. If you are new to the subject, you might find it helpful to read our article What is a Data Protection Officer? as it might shed some light on the main questions regarding DPOs. Mandatory DPO So lets take another look at the three situations

Share
DPIA

DPIA – What it is, When is it Needed and Why

Data Protection Impact Assessment, also known as a DPIA, is a mandatory requirement according to Article 35 of the GDPR. The article gives guidance as to when to perform a DPIA stating: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in

Share
employee rights

Employee Rights – The GDPR Perspective

The GDPR will come into force in May 2018 and its main goal is to give data subjects the power over their personal data. In this sense, there is a strong emphasis on personal rights, with fines for non-compliance reaching up to 20$ million or 4% of the annual turnover, whichever is higher. We discussed data subjects rights in various posts here on our blog.

Share
people right to erasure

Erasure, Restriction and Objection – Rights – Part 3

In the last post in the series on data subjects rights we will be covering the right to erasure, the right to restrict processing and the right to object. In case you missed them, the first post in the series talked about access and rectification, while our second post talked about profiling and data portability. The right to erasure (right to be

Share
city

Profiling and Data Portability – Rights – Part 2

We continue our series on data subjects' rights under the GDPR with a post on data portability and profiling, a form of automated decision making. In case you missed it, you can find the first post in the series, discussing access and rectification, here. Profiling Article 22 of the GDPR is dedicated to automated individual decision-making,

Share
access and recitifcation

Access and Rectification – Rights – Part 1

The main purpose of the GDPR is to give back the power over their personal data to the individuals. As a result, the Regulation puts a great emphasis on data subjects' rights. To name a few: the right to access and rectification, data portability, restriction of processing, erasure and the right to not be subject to a decision based only on automated

Share
business people

Consent management under the GDPR

Consent management is probably one of the hottest topics in the GDPR. It is not a new subject, but the requirements imposed by the Regulation, together with high fines for non-compliance, make it a very important topic. On our website, we tackled the subject on more than one occasion - both in the main topic "How does consent work?" and more in detail in

Share
global business map

How to get started on GDPR compliance?

25th May 2018... The General Data Protection Regulation is approaching fast. With only a year left to prepare, many companies are starting to wonder how to get started on GDPR implementation. Some might think they should start by actually reading the Regulation but, truth be told, after reading the 99 articles you might find yourself more confused than

Share