Data Protection Archive
Business-to-business marketers have had countless questions about the GDPR (General Data Protection Regulation) since it took effect – and for good reason. Sensitive data is at the centre of everything they do. They need names, contact information and any …
Last month, France’s data protection authority, the CNIL, imposed a €150,000 fine on a data controller and a €75,000 fine on its data processor for their failure to implement adequate security measures. The ruling followed a credential stuffing attack against …
Staff awareness training is an essential component of the GDPR (General Data Protection Regulation), but do you know how it works in practice? Here are seven things you can do to make your awareness programme a success.
As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and avoid large fines. For many organisations, this isn’t just a …
In case you didn’t already know, the GDPR (General Data Protection Regulation) requires Irish organisations to report data breaches to the DPC (Data Protection Commission) within 72 hours of becoming aware of them.
The UK’s Brexit transition period is finally complete, but European organisations still face a period of uncertainty regarding data protection rules. That’s where EU GDPR – An international guide to compliance can help. This guide, written by IT Governance’s founder and …
For the past few months, organisations have been trying to grasp the full extent of this summer’s Schrems II ruling – which invalidated the EU–US Privacy Shield – and what it means for data transfers outside the EU. To help …
The GDPR (General Data Protection Regulation) makes a distinction between ‘personal data’ and ‘sensitive personal data’. In this blog, we look at the difference between those terms, and we begin by recapping the Regulation’s definition of personal data: ‘personal data’ means …
The EU General Data Protection Regulation (GDPR) requires organisations to adopt the principles of “privacy by design and by default”. These concepts require organisations to embed security measures into their systems at the outset, rather than applying features retroactively. It …
The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that …