GDPR Summary

GDPR is an EU law with mandatory rules for how organizations and companies must use personal data in an integrity-friendly way. Personal data means any information which, directly or indirectly, could identify a living person. Name, phone number, and address are textbook examples of personal data.

GDPR Key Points

The Principle of Accountability in the GDPR

The principle of accountability in the GDPR requires you to take responsibility for how you process personal data. You must also make sure that...

Data Processing Agreement (DPA)

A data processing agreement (“DPA”) needs to be in place when a data controller engages a data processor. The DPA sets out the relationship...

Featured Articles

Use of facial recognition in school subject to GDPR fine (Sweden’s first sanction)

A public school in Sweden filmed the students to register class attendance. The school is fined EUR 20 000. The use...

Cookie consent must be an active choice (5 requirements from CJEU)

A new ruling in the Planet49 case by the EU Court of Justice (CJEU) states that internet users must actively give their...

Retention Policy – An overview

A retention policy is a guide to personnel on how to manage the lifecycle of information from collecting to destroying data. Therefore, the policy...

Spotlights

Learn what you need to know about GDPR fines, as it is one of the most talked about aspects of the GDPR. Below is a short explanation of what triggers the GDPR fines and who awards them. This article will also discuss what you can do to mitigate the...
Security of Personal Data can be achieved when the data is protected by the appropriate controls in relation to the sensitivity of the data. The GDPR does not prescribe exactly what level of security is required but provides guidelines. Reading time: 2 minutes. What is security of personal data Organizations using...
This article sets out the data processing agreement basics of responsibilities between two parties that share personal data as a by-product of their collaboration, e.g. purchaser-supplier relationship. Reading time: 1,5 minutes. Who is responsible and for what? Data controllers are organisations that collect personal data and decide what happens with it. For this...
Individuals' right to information is about how to collect and use their personal data. This right has led to several information-related obligations that companies need to fulfil. In particular, the main goal of these obligations is to be clear and open about your processing activities. Reading time: 1,5 minutes. Principle of...
A personal data breach is a security risk that affects personal data in some way. If a breach occurs, the data controller has to do certain things. Depending on how severe the breach is, the data controller has to act in different ways. This means that a data processor...
