23 Apr, 2024 | Consent, GDPR Hero blog, Important GDPR definitions, Lawful basis, Personal data, Scope of the GDPR
All processing of personal data must rest on a legal basis. Consent is one of the six lawful bases in the GDPR. One of the most important aspects of personal data processing for organisations is that each processing of personal data must be based on one of the lawful...
18 Dec, 2023 | Accountability, Controller, GDPR Hero blog, Integrity and confidentiality, Lawfulness, fairness and transparency, Personal data, Personal data breach, Processor, Record of processing activities, The Supervisory Authorities
According to the GDPR, data controllers are required to notify their competent supervisory authority in case of a personal data breach. Notification must be made within 72 hours of the controller becoming aware of the breach. Within this relatively slim time period,...
28 Nov, 2023 | Agreement/Contract, Controller, Data processing agreement, GDPR at the workplace, GDPR Hero blog, Processor
Data processing agreements (DPAs) are essential for organisations that transfer personal data to, or collect it from, other organisations, where the purpose is determined by one of the parties. This blog post answers the questions of when a DPA is needed and what...
27 Sep, 2023 | Accountability, GDPR Hero blog, Purpose limitation
A common question we receive is “For how long can we store personal data?” The short answer is: “As long as you can motivate and justify your need for the personal data”. It is not possible to specify a single time limit for all types of personal data, because the...
20 Jul, 2023 | Controller, Data subjects’ rights, GDPR Hero blog, The right to be forgotten
It is a common misconception that data subjects have an absolute right to demand erasure of their personal data on request under Article 17 GDPR. This is not the case in practice, because many exceptions apply to this right. These are...
19 Jul, 2023 | Data subjects’ rights, GDPR Hero blog, Privacy policy, The right to be informed
Transparency is one of the fundamental principles of the GDPR. All organisations need to ensure that the data subjects have access to information about how they process personal data. The information must be presented in a concise and easily accessible form, using...