The General Data Protection Regulation (GDPR) has been in place for several years, yet many businesses still struggle to understand whether they can process personal data. While the GDPR provides six lawful bases for data processing, there is a lack of understanding among businesses on which basis they can rely to process data. As a result, companies often add unnecessary consent requests to all their documents, which can cause confusion and frustration for their customers.
Anna Levitina
Data processing has become an integral part of business operations. With the increased use of cloud-based services and outsourcing, companies must understand the roles of data controllers and data processors and the legal agreement between them, known as a Data Processing Agreement (DPA).
Earlier in our Data Protection Series, we shared some tips on how to obtain valid consent in accordance with the General Data Protection Regulation (GDPR). Today, we want to explore cookies consent banners in light of the latest Report issued by Cookie Banner Taskforce.
Although the General Data Protection Regulation (GDPR) has been in place for over four years, some concepts and notions are still a topic of hot discussion and continue to confuse stakeholders. Earlier in our data protection series of articles, we addressed the European regulation of cross-border data transfers. In this article, we will shed some light on data controllers’ obligation to implement appropriate technical and organisational measures when processing personal data.
Although the General Data Protection Regulation (GDPR) has been in place for over four years, some concepts and notions are still a topic of hot discussion and continue to confuse stakeholders. Earlier in our data protection series of articles, we addressed the European regulation of cross-border data transfers. In this article, we will shed some light on data controllers’ obligation to implement appropriate technical and organisational measures when processing personal data.
Although the General Data Protection Regulation (GDPR) has been in place for over four years, some concepts and notions are still a topic of hot discussion and continue to confuse stakeholders. Earlier in our data protection series of articles, we addressed the European regulation of cross-border data transfers. In this article, we will shed some light on data controllers’ obligation to implement appropriate technical and organisational measures when processing personal data.
As the world recovers from COVID-19, international travel has picked up again causing airport havoc across the globe. However, some international transfers have continued without interruption –invisible, but significant flows. These are the cross-border personal data transfers that happen every day …
Shortly after Brexit, the UK Government re-evaluated its data protection regime and cross-border data processing. The Government concluded that the EU General Data Protection Regulation (EU-GDPR) was incompatible with the UK and represented an unreasonable administrative burden on businesses, particularly small businesses, including start-ups.