In the process of recruitment and scouting for new potential hires for a vacancy in an organization, the collection and processing of personal data of those candidates is inevitably involved. Therefore, it is important to understand GDPR compliance. In most cases, the company that posts its vacancy and embarks on the recruitment process will be […]
Hardware identifiers: Is an IMEI number personal data?
Elements of personal data With the introduction of the GDPR in 2018, data protection has become a popular topic both from a legal and technical perspective. The importance of efforts around privacy and data protection is personal data and its protection. Under the EU GDPR, there are key elements in the definition of personal data. […]
Consent Management Platforms’ misleading cookie banner designs: how to recognize and avoid dark patterns
It does not take much convincing for someone to accept freshly baked cookies, when offered to them. However, on the internet, organizations and website owners have had to work harder to balance compliance and optimize cookie consent rates, which ultimately serves to benefit them and their revenue. This is especially true after the GDPR came […]
EU-US data transfers: US Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities and the impact on organizational GDPR compliance.
It is no longer news that EU-US data transfers have become increasingly challenging given the invalidation of the EU-US Privacy Shield Framework in 2020. Since then, companies have had to rely on standard contractual clauses and in other cases, data subjects have had to give consent for such transfers to happen knowing the risk of […]
GDPR Training Modes for Technology Teams
Though there are a wide range of training options, all of which will help guide GDPR compliance efforts, there are key differences between the different training methods which must be taken into account.
Privacy by Design for Technology Development Teams
The principle of Privacy by Design builds privacy into the heart of data processing operations and systems, while Privacy by Default ensures that the data subject’s rights are protected as a matter of standard operations. These concepts were created long before the GDPR came into fruition, but under the GDPR became important requirements.
Why is GDPR training important for technology teams?
Individuals working in positions directly relating to technology or software development often view GDPR compliance as being outside of their domain, and thus might not see the value in GDPR training. Though the extensive requirements of the GDPR can be difficult to fully comprehend, those working in technology development have a special role in ensuring […]
GDPR and HR data for non EU-companies
It’s been three years since the GDPR entered into force and although it provided clarity in regards to handling personal data, some ambiguities still remain. In particular when it concerns employing EU employees as a non-EU organization. Territorial applicability The territorial applicability of the GDPR is outlined in Article 3 and is conditional on three […]
Bring your own device and data protection
What constitutes “bring your own device” (BYOD) and what risks to GDPR compliance does it introduce? Bring your own device allows employees to use their own devices (smartphones, tablets, laptops) in the workplace but also allows them to access corporate tools from these devices. This means they are likely to carry corporate information or confidential […]
The impact of the GDPR on Big Data
You must have heard about the GDPR, and you might also have heard about big data, also defined as the three V:s (Volume, Velocity and Variety). The term is used to refer to the huge amount of digital information from individuals that public and private organisations collect, store and analyse for various purposes. In this […]