28 Nov, 2023 | Agreement/Contract, Controller, Data processing agreement, GDPR at the workplace, GDPR Hero blog, Processor
Data processing agreements (DPA) are an essential part for organisations which transfers or collects personal data from other organisations, where the purpose is determined by one of the parties. This blog post answer the questions of when a DPA is needed and what...
27 Sep, 2023 | Accountability, GDPR Hero blog, Purpose limitation
A common question we receive is “For how long can we store personal data?” The short answer is: “As long as you can motivate and justify your need of the personal data”. It is not possible to specify a specific time limit for all types of personal data, because the...
20 Jul, 2023 | Controller, Data subjects’ rights, GDPR Hero blog, The right to be forgotten
It is a common misconception that data subjects have an absolute right to demand erasure of their personal data at request, according to article 17 GDPR. However, this is not the case in practice because there are many exceptions that apply to this right. These are...
19 Jul, 2023 | Data subjects’ rights, GDPR Hero blog, Privacy policy, The right to be informed
Transparency is one of the fundamental principles of the GDPR.1 All organisations need to ensure that the data subjects have access to information about how they process personal data. The information must be presented in a concise and easily accessible form, using...
9 Jun, 2021 | GDPR Hero blog
Social media is often used for targeted marketing. This raises the question who is responsible for the different processing’s and if it is possible to avoid responsibility, since there are different actors involved. This blogpost aims to clarify the roles and...
10 Nov, 2020 | GDPR Hero blog
An important part of the GDPR is to know whether your organisation is controller or processor for a certain processing. In some cases, your organisation might even be joint controller with another organisation. We have written about this before but it can not be...