Category: Compliance

Context: In order to determine if the appropriate technical security measures have been implemented, notice needs to be taken of the risks associated with processing.

Context: In some cases the GDPR refers to explicit organisational measures that need to be implemented such as data protection policies and human intervention. In

Context: A fundamental, under-pining concept for the GDPR (outlined in Article 15) is that personal data is the property of the individual. This ownership is

Context: The GDPR recognises that there will be situations where there are 2 or more ‘joint’ controllers. All controllers have a responsibility to ensure that

Context: A core principle behind the GDPR is that personal information is the property of the data subject. This principle is embodied in two key

Context: The GDPR acknowledges that data breaches can and do occur. It seeks to have processes and controls put in place to minimise the possibility

Context: Article 37 of the GDPR states that “The Data Protection Officer (DPO) shall be designated on the basis of professional qualities and, in particular,

Context: In several instances the GDPR stipulates that controllers and processors need to be able to demonstrate compliance with the regulation:

Context: At the core of the GDPR is the intention to give control of personal data to the individual to who it relates. In order

Context: Personal data can be exposed to additional risk when that data is transferred outside the country of origin.  The EU also makes the assumption