Why the RoPA should be at the center of your privacy management efforts

Records of Processing Activities: Why the RoPA should be at the center of your privacy management efforts.   As a GDPR compliant company, you should record every piece of personal data that is being processed. Processing personal data means not only collecting it, but also – amongst others - aggregating, analyzing, sorting, distributing, storing, viewing,… Continue reading Why the RoPA should be at the center of your privacy management efforts

How to: International Data Transfers

    A lot of organizations are struggling with international data transfers. Rules are strict, and companies can’t just transfer personal data from EEA data subjects outside of this region. Look at Google. Even they are in a tight spot with Google Analytics and Google Fonts after the Austrian Data Protection Authority (Datenschutzbehörde or DSB)… Continue reading How to: International Data Transfers

A Guide to Data Subject Right Requests (DSRR)

A Guide to Data Subject Right Requests (DSRR) Under the General Data Protection Regulation (GDPR), data subjects receive exercisable rights, giving them control over the processing of their personal data. These rights must be upheld by organizations that process personal data. For example, data subjects have a right to request rectification or erasure of their… Continue reading A Guide to Data Subject Right Requests (DSRR)

RoPa: What is it and how to approach its development?

Records of Processing Activities: What is it and how to approach its development? What is a RoPA (or Record of Processing Activities)? Article 30 of the General Data Protection Regulation (GDPR) states that controllers and processors are required to maintain Records of Processing Activities, in short RoPA or “Records”. This obligation helps your company achieve… Continue reading RoPa: What is it and how to approach its development?

SMEs and Data Breaches

This year in May, the General Data Protection Regulation (GDPR) celebrates its fourth year of entry into force. Widely recognized as an ambitious European Union Privacy Regulation, the GDPR applies to the processing of personal data. Why does this legal framework exist and how can SMEs determine whether said privacy regulations are applicable to them?