Appropriate Security
Context: One of the key ways that personal data can be protected and which is outlined within the GDPR is security measures. What the GDPR is not clear on is which specific measures should be implemented.
Context: Having a well-rounded set of data protection policies is not only required by the GDPR but is good business practice.
Context: In order to determine if the appropriate technical security measures have been implemented, notice needs to be taken of the risks associated with processing.
Context: In some cases the GDPR refers to explicit organisational measures that need to be implemented such as data protection policies and human intervention. In other instances the regulation is vague on which measures are required. Therefore there is no definitive list of exactly which organisational measures need to be implemented. The measures an organisation …
“A 21st century solution to a 21st century problem”. This is the description given to a major overhaul of personal data protection at an industry conference. The use of our personal data is still a very grey area for many internet users. Recently, someone provided their contact details while researching a potential online purchase. A …
Context: A fundamental, underpinning concept for the GDPR (outlined in Article 15) is that personal data is the property of the individual. This ownership is enshrined in the right of access which gives the individual the ability to see how, where and why data about them is processed.
Context: The GDPR recognises that there will be situations where there are 2 or more ‘joint’ controllers. All controllers have a responsibility to ensure that the requirements of GDPR are delivered. Where this situation exists the regulation requires that arrangements are transparent and made available to the data subject.
Context: A core principle behind the GDPR is that personal information is the property of the data subject. This principle is embodied in two key rights: the right of access to data and the right to data portability – in essence the right for an individual to take their data with them or to transfer …
Context: The GDPR acknowledges that data breaches can and do occur. It seeks to have processes and controls put in place to minimise the possibility of a breach, but when there is a breach to minimise the impact and to ensure that those affected are kept informed.
Context: Article 37 of the GDPR states that “The Data Protection Officer (DPO) shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.” Article 39 requires that the DPO fulfils the following tasks: