What constitutes “bring your own device” (BYOD) and what risks to GDPR compliance does it introduce? Bring your own device allows employees to use their own devices (smartphones, tablets, laptops) in the workplace but also allows them to access corporate tools from these devices. This means they are likely to carry corporate information or confidential […]
Blog
How to use legitimate interest under the GDPR?
How does the GDPR define legitimate interest? Does the legitimate interest legal base cover company interests only or can it also include third parties interests? There is no precise definition under the GDPR of what constitutes a legitimate interest and this precisely opens the room for a controller to argue that certain business activities, for […]
The impact of the GDPR on Big Data
You must have heard about the GDPR, and you might also have heard about big data, also defined as the three V:s (Volume, Velocity and Variety). The term is used to refer to the huge amount of digital information from individuals that public and private organisations collect, store and analyse for various purposes. In this […]
International Transfers of Personal Data after the Schrems II ruling
On July 16, 2020, the top court of the European Union (CJEU) issued a groundbreaking ruling on the so-called “Schrems II” case concerning international transfers of personal data from the European Union. It was meant to deal mostly with transfers to the main EU commercial partner – the United States – but turned out to […]
A Comparison of POPIA and GDPR in Key Areas
South Africa’s Protection of Personal Information Act (POPIA) will see its final sections go into effect on 30 June 2021. Furthermore, parties subject to POPIA must be fully compliant with the guidelines by 1 July 2021. A number of them may have a head start if they already adhere to established data protection guidelines such […]
HIPAA, the GDPR and MedTech
There are different regulations on how medical data can be processed and stored in different nations. If your company operates in the MedTech sector in the Western world most likely you have at least heard of HIPAA or the GDPR. This article aims at analysing how both legislations relate to healthcare. The article is particularly […]
How to appoint a data protection officer?
Who should be appointed as DPO? This can either be an internal position, or can be assigned based on a service contract. Any assignment of a DPO should be free of conflict of interest, and should report to the highest body in the organisation. While a DPO could also have another position in the company, […]
Response to the GDPR-relevant points in the German Blockchain Strategy of September 2019
On September 12, the German Federal Ministry of Economy and Energy, and the German Federal Ministry of Finance published the German Federal Blockchain Strategy (German, PDF). After analysing the statements relating to Data Protection and GDPR, here is some high level response to the key points. Blockchain Strategy Implementation Principles [p5] “IT-Sicherheit und Datenschutz garantieren: […]
GDPR compliant products debunked: it’s all about HOW you use it
I’ve seen this a bit too often lately: products that qualify themselves as ‘GDPR compliant’, falsely leaving the impression that by using that product, an organisation will be GDPR compliant. In particular some blockchain products like to label themselves as ‘GDPR compliant blockchain’ – as in the public opinion there are massive problems surrounding blockchain […]
GDPR’s Right to be Forgotten in Blockchain: it’s not black and white.
There have been many discussions about the big problem of the right to be forgotten (right to erasure, Article 17) under the GDPR. As blockchain generally is immutable, and the GDPR requires personal data to be deleted. Many people therefor conclude that it is impossible to store any kind of personal data on a blockchain. […]
Do you need support on data protection, privacy or GDPR? TechGDPR can help.
Request your free consultation