The Guidelines explain the mandatory breach notification and communication requirements of the GDPR and some of the steps controllers and processors can take to meet these new obligations. They also give examples of various types of breaches and who would need to be notified in different scenarios.
These Guidelines provide a thorough analysis of the notion of consent in Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR). The concept of consent as used in the Data Protection Directive (hereafter: Directive 95/46/EC) and in the e-Privacy Directive to date has evolved. The GDPR provides further clarification and specification of the requirements for obtaining […]
This document is intended for use by the supervisory authorities to ensure better application and enforcement of the Regulation and expresses their common understanding of the provisions of article 83 of the Regulation as well as its interplay with articles 58 and 70 and their corresponding recitals.
In the context of GDPR, part of securing Personal Data means employing multiple levels of protection to ensure that data is not lost, destroyed, or disclosed to unauthorized individuals. One GDPR principle for securing Personal Data is Pseudonymization, which is defined as “…the processing of personal data in such a way that the data can […]
This whitepaper describes the steps your organisation can take in order to prepare for and handle data breach notifications under the GDPR. Articles 33 and 34 specify the cases in which your organisation has to register a breach, notify it to the supervisory authority or communicate it to the data subject (the natural persons affected […]
In this guide, Privacy Perfect provides a seven-step scheme to help you become GDPR compliant. We won’t claim it’s easy, but it’s doable. To provide you with more insight, they have drafted an infographic reflecting the internal and external stakeholders and sources needed for inventory purposes.
The handbook provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues […]
One fundamental factor of GDPR is privacy notices and how organisations explain at the point of data collection what users can expect will happen to their data. In this article, we’ll dig into the topic of privacy notices more deeply, and present some best practice examples that appear to comply with the GDPR.