For many organisations, the appointment of a DPO has become mandatory. Although Articles 37 to 39 of the GDPR make provisions for the designation, position and tasks of a DPO, some misconceptions still exist about who needs one, who can be one and what kind of tasks a DPO can undertake. Who is a DPO? […]
Category: GDPR
Processing children’s data and implementing age assurance mechanisms
It is undeniable that children (individuals under 18) take up a large portion of the online population. With more content being created to specifically target children, a UK study from Ofcom has shown that many start as young as 3 to 4 years old to consume content on video sharing platforms such as Youtube, and […]
Understanding GDPR Compliance in Recruitment
In the process of recruitment and scouting for new potential hires for a vacancy in an organization, the collection and processing of personal data of those candidates is inevitably involved. Therefore, it is important to understand GDPR compliance. In most cases, the company that posts its vacancy and embarks on the recruitment process will be […]
Hardware identifiers: Is an IMEI number personal data?
Elements of personal data With the introduction of the GDPR in 2018, data protection has become a popular topic both from a legal and technical perspective. The importance of efforts around privacy and data protection is personal data and its protection. Under the EU GDPR, there are key elements in the definition of personal data. […]
Consent Management Platforms’ misleading cookie banner designs: how to recognize and avoid dark patterns
It does not take much convincing for someone to accept freshly baked cookies, when offered to them. However, on the internet, organizations and website owners have had to work harder to balance compliance and optimize cookie consent rates, which ultimately serves to benefit them and their revenue. This is especially true after the GDPR came […]
EU-US data transfers: US Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities and the impact on organizational GDPR compliance.
It is no longer news that EU-US data transfers have become increasingly challenging given the invalidation of the EU-US Privacy Shield Framework in 2020. Since then, companies have had to rely on standard contractual clauses and in other cases, data subjects have had to give consent for such transfers to happen knowing the risk of […]
GDPR Training Modes for Technology Teams
Though there are a wide range of training options, all of which will help guide GDPR compliance efforts, there are key differences between the different training methods which must be taken into account.
Privacy by Design for Technology Development Teams
The principle of Privacy by Design builds privacy into the heart of data processing operations and systems, while Privacy by Default ensures that the data subject’s rights are protected as a matter of standard operations. These concepts were created long before the GDPR came into fruition, but under the GDPR became important requirements.
Why is GDPR training important for technology teams?
Individuals working in positions directly relating to technology or software development often view GDPR compliance as being outside of their domain, and thus might not see the value in GDPR training. Though the extensive requirements of the GDPR can be difficult to fully comprehend, those working in technology development have a special role in ensuring […]
GDPR and HR data for non EU-companies
It’s been three years since the GDPR entered into force and although it provided clarity in regards to handling personal data, some ambiguities still remain. In particular when it concerns employing EU employees as a non-EU organization. Territorial applicability The territorial applicability of the GDPR is outlined in Article 3 and is conditional on three […]