GDPR Articles on Compliance Junction

Essential Steps for GDPR Compliance

Europe is a couple of months away from enforcing the General Data Protection Regulation. With this limited time, several studies still show that most companies are not prepared for the new requirements. The fact remains that they will have to find a way of complying with this law before May 2018 if they want to remain operational in Europe without incurring heavy fines. The law essentially does two things […]

GDPR Impact on Email Marketing

The EU’s General Data Protection Regulation (GDPR) unifies different email laws from across member states. The new law is set to bring greater consistency to how businesses use and store data. GDPR modifies various critical aspects of email marketing including how the marketers ask, collect and record users’ consent. The unified regulations will enable organizations to maximize the Digital Single […]

GDPR: How it Changes EU Data Protection Law

The primary objective of the GDPR is to safeguard the European Union citizens from data breaches. This is particularly important since the world is increasingly becoming data-driven and the conditions are largely different from the time that the 1995 directive was enacted. Although the fundamental tenets of the previous directive still hold, the new General Data Protection Regulation which is set to […]

Differences Between Controller and Processor Under GDPR Rules

One of the changes that will be introduced with General Data Protection Regulation (GDPR) in 2018 includes the delineation of specific obligations on data controllers and processors. Contrary to the current law, the new data protection regulations place statutory responsibilities on data processors. In this case, it is advisable for companies to be in a position to determine whether they are […]

GDPR Impact on Recruitment Industry

It has been almost two decades since the introduction of the Data Protection Acts (DPAs). As technology develops, business operations and human activities keep changing. The laws governing these activities must keep pace with the rate of change. The European Union seems to have taken heed of this advice and, on May 25 2018, will introduce General Data Protection Regulation […]

How does GDPR Apply to Schools?

The two-year grace period for organizations to align their systems and processes to General Data Protection Regulation (GDPR) requirements is almost coming to an end with less than eight months remaining. This has left many organizations fighting to adjust their processes in the limited time remaining to comply with the regulations and avoid potential hefty fines. Some of the organizations […]

GDPR Requirements for Emailing Existing Customers

The European Union’s approach to online privacy sets new requirements for communications between email marketing companies and their subscribers. The new General Data Protection Regulation (GDPR) legislation, to be introduced on May 25 2018, brings far-reaching changes that will make organizations accountable for their actions while empowering and protecting the users […]

GDPR Compliance for Off-site Workers

When the General Data Protection Regulation (GDPR) legislation is enacted by the European Union on May 25 2018, firms that have established a safe information management process that incorporates offsite workers will be in a position to demonstrate that they have satisfied all the requirements to mitigate risks to their information. This will help in safeguarding IP and customer data […]

GDPR for US Companies

The implications of GDPR for US companies who collect, maintain or process personal data of EU citizens will be significant – and compliance is compulsory. The European Union’s General Data Protection Regulation (GDPR) takes effect in May 2018. The Regulation affects how the personal data of EU citizens is collected, used and maintained, and introduces the right for individuals […]

GDPR Compliance Checklist

The objective of this article is to provide a GDPR compliance checklist to allow companies to get started on GDPR compliance. It is not a comprehensive guide, but instead is a quick-start guide. The General Data Protection Regulation has been a reality since it was first agreed upon, in 2016. But, according to Spiceworks, only 2% of IT professionals surveyed within the EU felt that their company was fully prepared […]

GDPR for Small Business

GDPR for small business has resulted in some confusion. Many small businesses assume that the General Data Protection Regulation (GDPR) does not apply to them. If you are a small business owner that believes this to be the case, you could be in for a shock when the GDPR comes into force, on 25 May 2018. It’s certainly true that Article 30 of the GDPR states that small businesses will not be bound […]

GDPR Compliance for the Insurance Industry

You may have heard about the implementation of the General Data Protection Regulation (GDPR), which is due to take place on 25 May 2018; let’s take a look at GDPR and the Insurance Industry in more detail. This type of in depth consideration is important, as failure to comply with GDPR rules could lead to the imposition of significant fines and other sanctions. One thing it’s important to note is that the GDPR […]

GDPR Best Practices

The General Data Protection Act (GDPR) becomes law on 25 May 2018, so it’s important that all businesses and organisations are aware of GDPR best practices. Failure to adopt these GDPR best practices could result in non-compliance. This in turn could lead to businesses facing heavy fines, or other sanctions. No business can afford for this to happen. Of course, complying with the GDPR also means […]

Software Upgrades for GDPR Compliance

When the General Data Protection Regulation (GDPR) becomes law, on 25 May 2018, you will need to know about software upgrades for GDPR compliance. It could be that your business or organisation may need to upgrade software that is already in place, or it may need to find a different software solution. Let’s start by examining what the GDPR actually is […]

GDPR Subject Access Request Rules Explained

The procedures for requesting a Subject Access Request (SAR) are set to change very little with the introduction of the General Data Protection Regulation (GDPR), in May 2018. But, the process for providing a response is a little different. It’s important for businesses and organizations to be aware of these changes, as if they do not comply with GDPR they could be on the receiving end of a variety […]

What are the GDPR Customer Consent Rules?

When the General Data Protection Regulation (GDPR) comes into force on 25 May 2018, rules for obtaining consent are going to be more stringent than they are at present. Business owners and data protection specialists need to be aware of the changes. If they do not make sure they are aware, they could be faced with a hefty fine, or other enforcement methods. It is important to remember that any business […]

GDPR Rules for Recording Calls

Call recording is a process that is widely used by businesses and organizations across the globe. It is a valuable tool, and one that will continue to be used for years to come. But, there are regulations that businesses need to be aware of, when it comes to the recording of calls. One set of rules which needs to be considered […]

What is Legitimate Interest in GDPR?

You may have heard a lot about consent, in relation to the General Data Protection Regulation (GDPR), which becomes a reality in May 2018. But, this is not the only reason organizations and companies can process personal data. There is also legitimate interest to be considered. Detailed guidance regarding legitimate interest is not expected to be provided until next year. But, there are some basic facts that it’s important […]

What is the GDPR right to be Forgotten?

When the General Data Protection Regulation (GDPR) comes into force, in May 2018, it applies to any individual who is living in the EU at the time. This means that any business that handles personal data relating to these individuals must comply with GDPR. One of the important factors covered by GDPR is the right to be forgotten. This right applies to situations where there is no reasonable reason to continue […]

Who is Responsible for GDPR Training?

Any business which employs more than 250 people, and processes personal data, is required to have a Data Protection Officer (DPO) under GDPR rules. Businesses will need to be compliant with this rule once the General Data Protection Regulation (GDPR) is introduced, in May 2018. The problem is that there is a lack of suitably qualified data protection experts. Ideally, businesses should hire people […]

What is High and Very High Risk for GDPR?

The introduction of the General Data Processing Regulation (GDPR), on 25 May 2018, is intended to regulate the way different member states of the EU deal with data protection matters. This should lead to a new level of uniformity. It is important to note that this does not just apply to companies and organisations within the EU, but also to companies and organisations that have offices in an EU country […]

What are the Countries Subject to GDPR Privacy Law?

If you think that your company will not be affected by the General Data Protection Regulation (GDPR), as it is not based within the EU, you may be in for a surprise. Whether a company is expected to be compliant or not does not depend on where it is based. If your company has any offices within the EU, or if it processes the data of any EU citizens, it must comply with the GDPR. Given the global nature of most business […]

Does GDPR Apply to Employees?

The simple answer to the question, does GDPR apply to employees, is that yes it does. Businesses cannot only think about complying with the General Data Protection Regulation (GDPR) in respect of clients, it applies just as much to the people who work for the business. It is important that businesses ensure that they are meeting all of their obligations, when it comes to protecting the personal data […]

What are the GDPR Password Requirements?

The new General Data Protection Regulation (GDPR), which comes into force in 2018, does not outlaw the use of a simple username and static password system for accessing personal data, but it does state that access procedures need to be secure. If procedures are not secure, businesses and organisations can be found to be in breach of GDPR stipulations. This can have serious consequences. […]

What are the Differences between GDPR and the EU Data Privacy Directive?

The Data Privacy Directive was originally adopted in 1995, as a means of regulating the way personal data was dealt with in EU member states. Since the EU Data Privacy Directive was introduced, much has changed, regarding the availability of data. These changes have been brought about by the growth of the Internet, which has meant that a person’s data can now be held, and accessed […]

Does GDPR Require New Consent from Existing Clients?

When the General Data Protection Regulation (GDPR) activates, on 25 May 2018, you may still be able to use the consent you already hold, under previous data protection regulations. Under GDPR, consent must still be given freely, and it must be specific and informed. This is no different to what is currently expected, so your organisation should already be complying. […]

What are the GDPR Penalties?

If you are concerned that your business or organisation may not be fully prepared for the enforcement date of the General Data Protection Regulation (GDPR), you really should be taking action. The date in question is 25 May 2018, and if your business is not prepared for compliance by then it could face serious penalties. Much of the definition around penalties is still to be announced […]

Summary of GDPR Notification Requirements

GDPR’s data breach notification requirements will be significantly different from the existing ones. The regulation tends to move away from the current general notifications and introduces a new practice that embraces policies and procedures. Under this law, businesses will have to report any data breach that if left unaddressed may lead to a substantial damaging impact on a person such as causing […]

GDPR Summary

The text of the General Data Protection Regulation was agreed as far back as 2015, and the regulation becomes law on 25 May 2018, from when the details in this GDPR summary apply. From this date, any business or organisation which is required to comply with the GDPR, and fails to do so, could be subject to the imposition of fines and other sanctions. The level of fine imposed will be decided by the relevant […]

GDPR Frequently Asked Questions

The General Data Protection Regulation (GDPR) is due to become law in May 2018, and already there are many GDPR frequently asked questions. The introduction of the GDPR is intended to provide a level of uniformity to the way personal data is handled, across the EU. It also improves the rights of EU citizens, with regard to the processing of their personal data, by businesses and organisations. […]

GDPR Data Protection

Prior to the enforcement of GDPR data protection, there are currently data protection regulations and recommendations in place, throughout the various member states of the EU. One of the main reasons for the introduction of the General Data Protection Regulation (GDPR) is to try and bring a level of uniformity in the way that data protection is addressed throughout the EU. […]

UK General Data Protection Regulation

In this article we are going to look at the UK General Data Protection Regulation, or rather, how the General Data Protection Regulation (GDPR), will affect how data protection is dealt with in the UK. The GDPR takes effect from 25 May 2018, so it’s important that any businesses and organisations are well prepared for its implementation by then. […]

GDPR Guidelines on Binding Corporate Rules

The Article 29 working party has produced two documents which detail General Data Protection Regulation (GDPR) requirements, in relation to Binding Corporate Rules (BCRs). One document deals with controller BCRs and the other deals with processor BCRs. Here are some of the elements which are included in the documents. […]

What Exemptions are there from GDPR?

The introduction of General Data Protection Regulation (GDPR), on 25 May 2018, is intended to bring consistency to the way in which data protection is dealt with across the EU. That being said, there will be situations where member states can implement their own rules. There are certain areas, covered by Article 23 of GDPR, where EU member states can create derogations, which enable […]

What are the GDPR Restrictions on Employee Data?

You may think that you know everything there is to know about General Data Protection Regulation (GDPR), but the rules dealing with employee data are different to those which deal with the data of individuals who are dealing with a business or organisation as a customer or potential customer. If you think about it carefully, you can understand why HR activities within a business […]

What are the Rights of Individuals under GDPR?

There are two main reasons for the introduction of General Data Protection Regulation (GDPR); to create uniformity in the way data protection is dealt with across the EU and to provide new, and clarified, rights to people living within EU states. There are several rights of the individual which are detailed in the GDPR and which need to be complied with once the regulation becomes law on 25 May 2018. […]

What are the Implications for GDPR in the UK after Brexit?

You may have heard about the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. However, do you understand what its implications are pre and post Brexit? It is vital that any businesses or organisations based in the UK understand what those implications are as non-compliance with the GDPR can lead to serious consequences, including fines of up to 20 million euros […]

Cross Border Data Transfer Rules under GDPR

General Data Protection Regulation, which becomes law on 25 May 2018, is similar to the current Data Protection Directive in the way it refers to cross border transfer of data, but it is more explicit about the various protections that have to be in place in order for a business or organisation to transfer data to a third country. […]

GDPR Enhanced Citizen Rights Explained

The new General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The regulation brings with it new rights for people living within the EU. The rights relate to personal data which is processed by businesses and organisations, whether the business or organisation is based within the EU or not. […]

Does Every Company Need to Appoint a GDPR Data Protection Officer?

The simple answer to this question is that not all companies need to appoint a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR). It is expected that larger companies (those that employ more than 250 people), and process personal data on a large scale, will appoint a DPO. However, small businesses may also need to appoint a DPO, if they process large amounts […]

GDPR Compliance Requirements for Website Owners

You may not think that the new General Data Protection Regulation (GDPR) applies to your website because it is an EU regulation and your business or organisation is based outside of the EU. However, it is important to remember that GDPR deals with the data protection rights of all EU citizens. This means that if EU citizens provide you with their data via your website, you need to make sure […]

GDPR Compliance for Software Applications

As a software developer, you may have heard about the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. It is important that you know how the introduction of this regulation affects your role as a developer. Basically, you need to ensure that the work you do fits with the business complying […]

What is the definition of Personal Data under GDPR?

The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, is intended to give EU citizens more control over the personal data about them that is held by businesses and organisations. GDPR does not just apply to businesses that are located within the EU, it applies to any business that processes the personal data of EU citizens. This means that the introduction of the GDPR […]

GDPR Article 35 Compliance

Article 35 of the General Data Protection Regulation (GDPR) stipulates that a Data Protection Impact Assessment (DPIA) should be carried out if the processing of data is high risk. Although there is no definitive explanation of what high risk is, the Article 29 Working Party has provided some advice as to what type of data processing could be considered high risk. This list includes areas such as […]

Nominating a GDPR Lead Supervisory Authority

Following the introduction of the General Data Protection Regulation (GDPR), in May 2018, each business or organization will report to a Lead Supervising Authority (LSA), in that this will be where they get any advice and guidance that they need. More importantly, the LSA will be responsible for determining the fines and sanctions that are applicable, should a business be found […]

GDPR Notification Requirements

Currently there is no general responsibility for companies who process data of EU citizens to report a data breach to data subjects, although some companies do send notifications as a matter of course. Once the General Data Protection Regulation (GDPR) comes into force, on 25 May 2018, there will be a requirement to notify data subjects of a data security breach, in certain circumstances. […]

What are the GDPR Rules for Cold Emailing?

Cold emailing can be an important tool, especially for small businesses. It is a way of interesting people in a product or service. But what happens when the General Data Protection Regulation (GDPR) becomes law, in May 2018? Will businesses be able to use cold emailing? The answer to this question is yes; but there are rules which need to be followed. […]

GDPR Implications for WiFi Networks

Too many businesses or organisations do not realise that they will be affected by the introduction of the General Data Protection Regulation (GDPR), or are not fully prepared for it. If your business or organisation is based outside of the European Union (EU), you may be thinking that this EU based regulation has nothing to do with you, but you could be wrong. […]

GDPR Compliance for Cloud Applications

The introduction of the General Data Protection Regulation, on 25 May 2018, has far reaching implications. These implications apply for any company across the globe, that is involved with the processing of personal data related to people who live within the European Union. When it comes to Cloud applications, GDPR applies to both the data controller that uses the Cloud […]

Differences between European Privacy Laws and American Privacy Laws

Although General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, is a European law, it affects businesses and organisations across the globe. This is because any business or organisation that processes the personal data of people who live in EU states must comply with the GDPR, no matter where the business or organisation is based. This can have […]

GDPR Terminology

As the implementation of the General Data Protection Regulation (GDPR) draws near, it is important that businesses and organisations understand the terminology that is being used. Here are some of the terms that you may have seen, with a short explanation for each. […]

GDPR Requirements for Cloud Providers

The General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, is a lot more wide reaching than many people are aware of. This wide reach can be especially important to recognise for third party providers, such as Cloud services providers. These providers could be affected by the GDPR even if they do not directly have any Europe based clients. […]

GDPR Impact on the Definition of Personal Data

You may be aware that on 25 May 2018 the General Data Protection Regulation (GDPR) becomes law. GDPR applies to any business or organisation that processes the data of people who live within the EU, no matter where the business or organisation itself is located. GDPR goes a lot further than the directive which has been in place since 1995. It is intended to bring […]

GDPR Article 30 Documentation Requirements

Once the General Data Protection Regulation (GDPR) comes into operation, on 25 May 2018, all businesses and organisations that are involved with processing the data of people living within the EU will be expected to comply with its stipulations. It is also important to note that, as detailed in Article 30 of GDPR, businesses and organisations need to keep records of their processing activities […]

GDPR for Medical Devices

The growth of the Internet has brought connected medical devices to the fore. They can help with everything from the monitoring of patients to the collection and use of statistical data. This helps to improve medical care across the globe and progresses the medical knowledge of health professionals. The use of these devices provides […]

Data Breach Notification Obligations under GDPR

The soon to be introduced General Data Protection Regulation (GDPR) places greater emphasis on the security of personal data than the previous Directive. This means that businesses and organisations need to pay attention to the way in which they secure the personal data they process and the way they notify relevant parties about data breaches […]

Lawful Basis for Processing Personal Data under GDPR

The General Data Protection Regulation (GDPR) becomes law on May 25 2018. Once this happens, any business or organisation that processes the personal data of individuals who live within the European Union will have to comply with the legislation […]

How is Personally Identifiable Data Defined under GDPR?

By now, most businesses and organisations will be aware of the General Data Protection Regulation (GDPR). All businesses or organisations that process the personal data of people who live within the European Union must comply with the new regulation […]

GDPR Infographics

EU GDPR Official Resources

GDPR Official Text

Official EU Data Protection Portal

Personal data protection: processing and free movement of data (General Data Protection Regulation)

Working Party 29 Guidance

WP29 Home Page

Guidelines on “Right to Portability” (pdf)

Guidelines on Data Protection Officers (pdf)

Guidelines for identifying a controller or processor’s lead supervisory authority (pdf)

European Commission Factsheets

Better rules for European businesses

Better Data Protection rights for European citizens

Next steps before 25 May

General Data Protection Regulation: ensuring its enforcement

Successful application of the Data Protection Reform: a concerted effort