The importance of a good IT Governance structure
IT governance is a framework that helps you align your IT strategy with your business strategy and goals. There are tons of great examples out there like COBIT, ISO and more. GDPR will require a change in the habits of your employees. But as a company you need to establish clear guidelines and standards.
As I'm currently working on my bachelor thesis regarding the impact of GDPR on the IT processes in a multinational business environment, I invited our Belgian State Secretary for privacy for a short interview regarding GDPR. Philippe De Backer accepted and I met him at the Infosecurity conference in Brussels. Hi Philippe, first of all, thank you very
The problem of "rogue" assets
"Rogue" assets are a problem that fast-growing companies often struggle with. Due to the fast expansion of your business, assets like servers, databases and applications often get forgotten or are added without the correct approval of superiors. The problem here is that when growing and expanding quickly these assets stay
In the past few months, discussions surrounding consent and cookies under the GDPR have been everywhere. We covered the basics of consent management in another article that you can find here. This time we are going into more detail and will cover the topic of cookies in the GDPR. A cookie is a very small file that is downloaded to your device when you
In October the EU's Article 29 Data Protection Working Party released their guidelines on automated decision-making and profiling under GDPR. The guidelines were received with mixed feelings, leaving machine learning enthusiasts worried. For one thing, their provisions are much wider than those of the GDPR. As a result, many consider them harmful for
What is blockchain?
Not long ago we discussed in an article how the GDPR will change the way we approach security. Today we will tackle a more sensitive subject in the area of security: blockchains. But what exactly is blockchain? A simple definition, found on Wikipedia, states that "a blockchain is a continuously growing list of records, called
The Internet of Things (IoT) is rising together with other related technologies such as AI and Big Data. At the same time, we see new regulatory frameworks being imposed, such as the GDPR and the ePrivacy Regulation. Opinions are divided. There are those who say technologies such as IoT will make compliance with the GDPR almost impossible. At the other end of
The role of the Data Protection Officer, in short DPO, is discussed in Chapter IV, Section 4 of the GDPR. If you are new to the subject, you might find it helpful to read our article What is a Data Protection Officer? as it might shed some light on the main questions regarding DPOs.
Mandatory DPO
So let's take another look at the three situations
Data Protection Impact Assessment, also known as a DPIA, is a mandatory requirement according to Article 35 of the GDPR. The article gives guidance as to when to perform a DPIA stating: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in
The GDPR will come into force in May 2018 and its main goal is to give data subjects power over their personal data. In this sense, there is a strong emphasis on personal rights, with fines for non-compliance reaching up to $20 million or 4% of the annual turnover, whichever is higher. We discussed data subjects' rights in various posts here on our blog.