The General Data Protection Regulation (GDPR) is in effect from May 25th, 2018 onwards. This EU regulation supersedes the Data Protection Directive (Directive 95/46/EC), further harmonising the EU legal landscape on data protection. The Regulation will extend the protection of data subjects and increase the compliance duties of controllers, supported by rather serious sanctions.
In this blog series we deal with the 7 most frequently heard misunderstandings.
One of the core concepts in the GDPR is 'personal data'. There are many misunderstandings about this concept. It is not only about names, but also about privacy-sensitive information. What is personal data? We then discuss pseudonymised data. What is it, and why does the GDPR apply to it? Next, we discuss an important new obligation: the record of processing activities. Did you know that this really is not just an obligation for very large companies? The Data Protection Officer (DPO) comes next; we discuss in which cases you do not have to appoint a DPO, and in which cases you do. Then we will deal with the PIA. What does such a privacy impact assessment involve? And when do you have to do a PIA? Afterwards, we discuss covenants. Does your (government) organisation sometimes conclude an agreement with other parties? Read all about covenants and the GDPR in this blog. The last blog discusses permission. In which cases should you have permission to process personal data? And what requirements must the consent meet?
The blog series 'The 7 biggest misunderstandings about the GDPR' will lead you through seven blog posts covering the following topics:
To conclude the series, we will briefly summarise the abovementioned topics in a final (eighth) blog post.
Do you want clarity about what exactly the GDPR means for your organisation? Then keep an eye on our blog page in the coming weeks and learn how you can clear up these misunderstandings about the GDPR.