EU
What does ‘data protection by design and by default’ mean under EU Data Protection Law?
Key points:European Data Protection Law requires appropriate technical and organizational measures to implement the data protection principles and safeguard individual rights. This is called ‘data protection by design and by default’.In essence, this means controllers must integrate or ‘bake in’ data protection into processing activities and business practices from the design stage and throughout the…
Read More »GDPR requires privacy by design, but what is it and how can marketers comply?
Privacy by design is a fairly old concept in systems engineering and its general meaning is pretty obvious. Wikipedia describes it as “not about data protection” but rather “designing so data doesn’t need protection,” with the “root principle based on enabling service without data control transfer from the citizen to the…
Read More »Privacy by Design and GDPR: Putting Policy into Practice
The GDPR requires organisations to implement appropriate technical and organisational measures to implement data protection principles and safeguard individual rights. While data protection by design and by default (or ‘privacy by design’) is not a new concept, the GDPR makes it a legal requirement, and thus practical guidance is needed…
Read More »Challenges, Fines, and Operational Impacts of the GDPR
The GDPR, or General Data Protection and Regulation, is going into effect in May 2018 throughout the European Union (EU) and presents important legal changes and challenges for organizations and consumers alike. Interactions and relationships between customers and businesses are transforming; the GDPR shifts authority over customer data from the business…
Read More »GDPR: What is Personal Data?
Due to the many enquires we receive regarding clarity around what is personal data under the GDPR, we captured this from the document: ICO: Guide to the General Data Protection Regulation (GDPR), August 2, 2018What is personal data?At a glanceUnderstanding whether you are processing personal data is critical to understanding whether the…
Read More »Guess what? GDPR enforcement is on fire!
You read that right: GDPR enforcement is on fire! While fines are not always particularly high, our analysis shows that, in terms of volume, data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities. Some interesting trends are also emerging: DPAs have levied 190 fines and penalties to date. With…
Read More »GDPR: Anonymisation and pseudonymisation
European Citizens have a fundamental right to privacy, it is important for organisations which process personal data to be cognisant of this right. When carried out effectively, anonymisation and pseudonymisation can be used to protect the privacy rights of individual data subjects and allow organisations to balance this right to…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
