Discover the latest news
When employees fall ill, multitudes of personal data need to be processed, by different parties using different absence reporting systems. This can lead to all sorts of confusion and misconceptions on the division of GDPR-related roles. In this blog The Privacy Factory proposes a thesis in order to shed light on the matter, for which purpose we invite you to post your comments on LinkedIn.
Once again, the issue of ‘data breaches’ was a hot topic in newspapers and other media. The many high-profile incidents of the recent past only underline the significance of the new (draft) guidelines issued by the EDPB. What is a data breach and what does the GDPR have to say on the subject?
One of the effects of Brexit may be that the United Kingdom will, in the near future, qualify as a ‘third country’ in the sense of the GDPR. This would have consequences for the transfer of personal data to the UK and for supervision of such transfers. Are you prepared?
Are supervisory authorities hiding behind each other? Where cross-border processing of personal data is taking place, the GDPR ‘one-stop-shop’ mechanism applies. But how exactly does this mechanism work in practical conditions, when organisations like Google, Twitter and Consumer Associations are involved?
It can be, and often is extremely difficult to determine who, in a given situation, is the processor and who is the (joint) controller, especially when converging decisions are involved. In this blog, both roles are closely examined and recent insights and emerging ideas on the subject are being explored.
With the introduction of the General Data Protection Regulation (GDPR) designation of a data protection officer (DPO) has become mandatory for controllers and processors alike