Global Data Privacy: Tools & Presentations
The EDPB, the authority for GDPR guidance, issued an important FAQ about the implications of the Schrems II decision. This is the full document.
This paper sets out how the GDPR’s approach to data protection represents a shift from traditional ways of thinking about privacy. It discusses some of the key provisions of the regulation, and how they will change the way companies approach data protection and data management. Finally, for companies working toward GDPR compliance, it suggests key steps they can take right now to position themselves to meet requirements.
What is often lost in this flurry of activity is an understanding of GDPR’s Article 27 - a provision that requires that companies that are not established in the EU, but that collect and process personal data about residents of the EU, appoint an EU-based representative.
Achieved Compliance helps SMEs comply, compete and create a culture of privacy across their organizations. Using the PrivacyMinder software platform, and with the support of the Achieved Compliance legal team, SMEs achieve the advantages enjoyed by larger industry players with extensive legal staff, but without expensive outside counsel and auditors.
Determining whether your company is primarily a controller or processor under GDPR will significantly affect the amount of work and resources needed to comply with the law.
Because requirements can differ significantly, it is imperative that companies understand their role.
A DPIA (also known as a Privacy Impact Assessment, or “PIA”) evaluates the level of risk associated with the processing of an individual’s data. A formal and documented assessment of risk is fundamental to GDPR compliance. When must a DPIA be conducted? What must be included in a DPIA? When consulting with a data protection supervisory authority, how do you prepare and what do you need to know?
The PrivacyMinder® solution is a five-step process designed to leverage your staff members’ knowledge and our role as a consultant. From your onboarding through implementation, the process minimizes disruptions to your business operations. You will not be left on your own to fill in complicated spreadsheets or to decipher professional jargon - PrivacyMinder® helps.
Here is a list of links to various jurisdictions' instructions on how to file a data protection complaint. Individuals might want to use this as a link from their data protection addendums which require notice to users on how to file a complaint.
Standard Contractual Clauses can support the lawful transfer of data from the EU to the U.S. But to be fully compliant, companies will need to take additional measures. This document, issued by the European Data Protection Board, outlines five steps companies should take to be sure that their transfers meet requirements.
The updated European Essential Guarantees provides a set of elements companies should examine to determine whether third-party government access to data can be considered justified in light of EU standards of protection. This document provides important guidance that supplements the European Data Protection Board’s Supplementary Transfer Recommendations.