Data Subject Rights – DSR This post is part of the long journey started with the descriptions of the tasks usually assigned to a Certified Information Privacy Manager. So, now it is time to talk about the Data Subject Rights (for short: DSR). Data Subject Rights: What are they? First, in the GDPR, there […]
Privacy Policies What are they? Primarily, Privacy Policies are those statements drafted, emended and eventually approved by the Controller; i.e, the entity in charge of establishing the purpose for the personal data usage. Although the following formal definition is US-focused, I think it’s worth to click on this Wikipedia post to have a more precise idea […]
04. Representative of Controllers and Processors
According to the Article 27, GDPR, all the Controllers and Processors that are not established in the EU but offer goods or services to data subjects established in the Union, and/or monitor their behaviour while the data subjects are in one of the EU countries, are obliged to designate in writing a Representative.
Metrics and Privacy Programs Now, it is time to use metrics for your privacy programs. It has been a long journey since we started the description of the role of a Privacy Manager and his/her tasks. Do you remember this post? If you have followed our posts, you now have a privacy program in place […]
Security Incidents and Personal Data Breaches Personal Data Breaches and Security Incidents: yes, they happen. This time we talk about those moments for which you think you are prepared and trained. In contrast, my professional experience suggests that, generally speaking, entities are never prepared sufficiently for a security incident. Quick References and Terms Primarily, […]