A Data Protection Impact Assessments (DPIA) is a tool to determine in advance the privacy risks involved in data processing. Article 35 and Article 36 impose the obligation to conduct …
The news often reports about companies being targeted by cybercrime, hacked websites and databases, but also of ‘human errors’ and loss of data by employees who leave behind USB sticks …
Based on Article 30, controllers have to maintain records of all processing activities. These records need to be in writing (including in electronic form) and have to be made available …
When personal data are collected from data subjects, Article 13 and Article 14 determine that the controller needs to provide sufficient information to data subjects, whether the data is obtained …
Data processors carry out processing operations on behalf of controllers. If a processor, while processing, infringes the GDPR by determining purposes and means of the processing, this processor will be …
Processors process data on behalf of controllers and under controller’s instructions. Processing has to be governed by a contract or other legal act under EU or national law that is …
Where two or more controllers determine the purposes and means of processing, they are joint controllers (Article 26). Under the GDPR joint controllers have to determine their respective responsibilities for …
A significant, general GDPR duty for all data controllers is to achieve data protection by design and by default in their processing operations as reflected in Article 25. This is …
The key concept of the GDPR is that controllers need to be able to show that their processing activities are in line with the data processing principles determined by the …
Controllers control data processing and determine the purposes and means. With this comes duties and obligations. To comply with obligations under the GDPR, Article 24 provides that controllers have to …
Who are data controllers, joint controllers and processors and what are their obligations? Watch this video to find out more. The definitions in Article 4 GDPR determine who controllers and …
This week, we have closely examined the rights of data subjects safeguarded by the GDPR. We have also seen that the usefulness of the GDPR would be limited if no …
Now that we have looked into the rights of natural persons, or data subjects, under the GDPR, it is important to consider possible restrictions of the scope of these rights, …
In this video, we have discussed three rights in relation to automated decision-making, representation and compensation. Currently, various decisions are taken by the systems in an automatic manner. Article 22 …