Security of Personal Data can be achieved when the data is protected by the appropriate controls in relation to the sensitivity of the data. The GDPR does not prescribe exactly what level of security that is required but provides guidelines. Reading time: 2 minutes.
What is security of personal data
Organizations using...
This article sets out the data processing agreement basics of responsibilities between two parties that share personal data as a by-product of their collaboration, e.g. purchaser-supplier relationship.Reading time: 1,5 minutes.
Who is responsible and for what?
Data controllers are organisations that collect personal data and decide what happens with it. For this...
Individuals right to information is about how to collect and use their personal data. This right has led to several information-related obligations that companies need to fulfil. In particular, the main goal of these obligations is to be clear and open about your processing activities.Reading time: 1,5 minutes.
Principle of...
A personal data breach is a security risk that affects personal data in some way. If a breach occurs, the data controller has to do certain things. Depending on how severe the breach is, the data controller has to act in different ways. This means that a data processor...
According to the GDPR, some companies need to appoint a data protection officer (DPO). A DPO has the task of assisting the company in monitoring and reviewing compliance – for example, by advising and informing about the company’s data protection obligations.Reading time: 1,5 minutes.
Data protection officer basics
First of all,...
Data controllers ("sellers”) and data processors ("their suppliers”), often use personal data to deliver products and services. The seller and their suppliers must both ensure that the data is managed safely and securely. Under the GDPR, the persons whose data is used (“data subjects”) have several new options to...
The principle of accountability in the GDPR requires you to take responsibility for how you process personal data. You must also make sure that your company complies with other principles. Furthermore, the principle includes an obligation to demonstrate compliance, meaning that companies must have documented procedures and routines in...
A data processing agreement (“DPA”) needs to be in place when a data controller engages a data processor. The DPA sets out the relationship between the two parties and the data being processed. Reading time: 1,5 minutes.
Data processing agreement (DPA) introduction
Data controllers have to make sure that the processor is...