18 Dec, 2023 | Accountability, Controller, GDPR Hero blog, Integrity and confidentiality, Lawfulness, fairness and transparency, Personal data, Personal data breach, Processor, Record of processing activities, The Supervisory Authorities
According to the GDPR, data controllers are required to notify their competent supervisory authority in case of a personal data breach. Notification must be made within 72 hours of the controller becoming aware of the breach. Within this relatively slim time period,...
28 Nov, 2023 | Agreement/Contract, Controller, Data processing agreement, GDPR at the workplace, GDPR Hero blog, Processor
Data processing agreements (DPA) are an essential part for organisations which transfers or collects personal data from other organisations, where the purpose is determined by one of the parties. This blog post answer the questions of when a DPA is needed and what...
20 Jul, 2023 | Controller, Data subjects’ rights, GDPR Hero blog, The right to be forgotten
It is a common misconception that data subjects have an absolute right to demand erasure of their personal data at request, according to article 17 GDPR. However, this is not the case in practice because there are many exceptions that apply to this right. These are...
