Section 24 of the PDPA requires an organisation to make reasonable security arrangements to protect personal data in its possession or under its control...
Let’s not kid ourselves, the biggest threat to organisations from GDPR is running the risk of massive fines.
In saying that, GDPR law is not about handing out fines, it’s about putting the rights of the individual first.
Before a fine is handed out, a series of sanctions takes place.
Whilst it may not be financial to begin with, it will definitely place a massive dent in the reputation of the offending party. When you lose the trust of your audience and/or your staff, it’s pretty much game over.
One thing is for certain, there is no room for complacency, no matter where in the world you are.
As much as we would like to make it a free platform, it would be beyond our personal financial ability in doing so.
We researched extensively to find the fair price medium, one that will make it a value added incentive on your behalf and one that would maintain the costs in operating and evolving this site.
Bottom line is we have settled on a pricing model for the many and not for the few.
Knowledge has no price limit and yes we could quite easily charge more.
The reason we don’t is simple. This platform has been designed to offer the tools to the many and not the few. We believe our pricing structure is fair and affordable to everyone, without compromising on our objectives to our members and to our purpose of existence.
If you wish to shout our team a cup of coffee then we won’t say no. Simply spin the wheel below to see how many of our staff will enjoy your shout.
So you know, it’s €1 per shout.
GDPR applies to anyone that applies, handles, processes, and/or monitors personal data of residents (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from.
Furthermore, it matters not whether you hold onto the data for 1 minute or 10 years.
GDPR protocols apply to all forms of relationships where it concerns European Union Residents (full-time or temporary including foreign tourists).
The types of relationship fall under 3 categories:
✍ B2B (business to business) where third party relationships are involved in the processing of personal data.
✍ B2C (business to consumer) where you are required to demonstrate responsibility towards personal data.
✍ B2E (business to employee) where the data you hold on current, past and prospective employees is managed within the boundaries of GDPR protocols.
To clear the air and any confusion, you can email both B2B (Business to Business) and B2C (Business to Consumer) based on the following parameters:
B2B (Business to Business) in 5 steps
B2C (Business to Consumer) in 5 steps
As a data subject (that’s how you are referred to), GDPR presents you with 8 rights to which you can make a specific request and be assured that your personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided by you to the entity.
A data subject is referred to as an individual:
♀ ♂ Candidate
♀ ♂ Client
♀ ♂ Commuter
♀ ♂ Consumer
♀ ♂ Contractor
♀ ♂ Creditor
♀ ♂ Customer
♀ ♂ Debtor
♀ ♂ Employee
♀ ♂ End User
♀ ♂ Guest
♀ ♂ Individual
♀ ♂ Job Applicant
♀ ♂ Patron
♀ ♂ Prospect
♀ ♂ Purchaser
♀ ♂ Representative
♀ ♂ Tenant
♀ ♂ Tourist
♀ ♂ Vacationer
♀ ♂ Vendor
♀ ♂ Visitor
A data subject has 8 legal rights of request, including:
1: Right to Object: The right to object to the processing of his or her personal data.
2: Right to be Forgotten: The right to ask for the deletion of his or her data, also referred to as the “right to erasure”.
3: Right to Access: The right to get access to his or her personal data that is being processed.
4: Right to Withdraw Consent: The right to withdraw a previously given consent for processing of his or her personal data for a purpose.
5: Right to Object to Automated Processing: The right to object to a decision based on automated processing, including Machine Learning and Artificial Intelligence, of his or her personal data.
6: Right to Rectification: The right to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
7: Right to Data Portability: The right to ask for the transfer of his or her personal data in a machine-readable electronic format.
8: Right to Information: The right to ask a company for information about what of his or her personal data is being processed and the reasoning for such processing.
This right given to you by GDPR is referred to as DSAR (Data Subject Access Request).
A DSAR can be made by an individual or an individual’s appointed representative. Such requests are made in writing and mailed to the entity’s registered GDPR postal address and/or sent via email.
Important to note that the violating entity must have a registered address within the EU to receive GDPR mail (irrelevant if the request is sent by post or via email).
Pseudonymization is when digitally stored data (information entered via a computer, mobile device, laptop, etc.) is encrypted in such a way that it is impossible for unauthorized people to trace it back to an individual.
The 5 key methods used to achieve pseudonymization are:
♒ Encryption (involving the rendering of the original data as unreadable and which cannot be rendered readable without an encryption key)
♒ Tokenization (involving the substitution of sensitive data elements with non-sensitive elements that hold no extrinsic or exploitable meaning or value)
♒ Blurring (involving obfuscation just like media outlets rendering the faces of anonymous sources unrecognizable)
♒ Masking (involving the masking of data so that you can still identify the data, for example a credit card shown as “XXXX XXXX XXXX 1964”, without identifying the individual)
♒ Scrambling (involving a combination or obfuscation of alpha/numeric characters)
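Two of the methods listed above, tokenization and masking, applied to a customer record. This is an added example, not code from the original page; `TokenVault`, `mask_card`, `pseudonymize` and the sample records are hypothetical names and constructed data.

```python
import secrets


class TokenVault:
    """Tokenization: replace a sensitive value with a random token.
    The token carries no meaning; only the vault can map it back."""

    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value: str) -> str:
        # Reuse the token for a repeated value so records stay linkable.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(8)
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token: str) -> str:
        # Re-identification needs access to the vault itself.
        return self._by_token[token]


def mask_card(number: str, visible: int = 4) -> str:
    """Masking: hide all but the last `visible` digits, keep separators."""
    total = sum(c.isdigit() for c in number)
    if total <= visible:
        raise ValueError("card number too short to mask")
    out, seen = [], 0
    for c in number:
        if c.isdigit():
            out.append(c if seen >= total - visible else "X")
            seen += 1
        else:
            out.append(c)
    return "".join(out)


def pseudonymize(record: dict, vault: TokenVault) -> dict:
    """Return a copy of the record with direct identifiers replaced."""
    return {
        "name": vault.tokenize(record["name"]),
        "email": vault.tokenize(record["email"]),
        "card": mask_card(record["card"]),
        "purchase": record["purchase"],  # non-identifying field kept as-is
    }


# Constructed sample data (not real people or card numbers).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.test",
     "card": "4000 1234 5678 1964", "purchase": "book"},
    {"name": "Alice Example", "email": "alice@example.test",
     "card": "4000 1234 5678 1964", "purchase": "lamp"},
]

if __name__ == "__main__":
    vault = TokenVault()
    for rec in SAMPLE_RECORDS:
        print(pseudonymize(rec, vault))
```

The vault is the re-identification key: store it separately from the pseudonymized records and restrict access to it.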
Personal Data is any information relating to an identified or identifiable natural person (otherwise referred to as a ‘data subject’).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Here is an extensive list of Personal Data:
✍ Activity on the site
✍ Arrest records
✍ Bank account
✍ Bio-metric identifiers
✍ Birth certificate
✍ Browsing history (elsewhere online)
✍ Car insurance records
✍ Cell/Mobile phone
✍ Chat history (elsewhere online)
✍ Children’s names
✍ City of birth
✍ Cloud storage files
✍ Contacts list
✍ Credit card number
✍ Credit report
✍ Criminal offenses & convictions
✍ Current employer
✍ Current home address
✍ Current income
✍ Current location (physical)
✍ Daily life activities
✍ Date of birth
✍ Debit card number
✍ Device ID / MAC address
✍ Digital fingerprint
✍ Donations to organizations
✍ Driver’s license / state ID
✍ Education history
✍ Email records
✍ Employment history
✍ Event attendance
✍ Eye color
✍ Face photographs
✍ Facial geometry
✍ Family health history
✍ First name
✍ Friends’ names
✍ Genetic information
✍ Hair color
✍ Health insurance records
✍ Home phone
✍ Home value
✍ Homeowner status
✍ HR issues & disciplinary actions
✍ Income history
✍ Investment records
✍ IP address
✍ ISP (internet service provider)
✍ Language preference
✍ Last name
✍ Length of current residence
✍ Life insurance records
✍ Likes & ratings
✍ Loan records
✍ Location history (physical)
✍ Maiden name
✍ Marital status
✍ Media preferences
✍ Medical card number
✍ Medical records
✍ Messages on the site
✍ Number of people in household
✍ Operating system
✍ Other financial statements
✍ Other identifying photographs
✍ Other names used
✍ Parents’ names
✍ Passport information
✍ Performance evaluations
✍ Personal email address
✍ Pets & animals
✍ Phone call records
✍ Photo location data
✍ Physical or mental disability
✍ PIN number
✍ Political affiliations & opinions
✍ Political party affiliation
✍ Postal activity
✍ Power of attorney
✍ Previous addresses
✍ Professional license records
✍ Property records
✍ Racial & ethnic origin
✍ Recreational license records
✍ Reference interviews
✍ Religion & philosophical beliefs
✍ Retina scan
✍ Schools attended
✍ Search history (elsewhere)
✍ Search history on the site
✍ Security question & answer
✍ Sexual orientation
✍ Sexual partners
✍ Shopping & purchase history (elsewhere online)
✍ Shopping & purchase history (offline)
✍ Shopping & purchase history (on the site)
✍ Siblings’ names
✍ Social media accounts
✍ Social media posts & history
✍ Social security / social insurance number
✍ Spouse name
✍ Surveys (online)
✍ Surveys (offline)
✍ Tax file number
✍ Tax returns
✍ Text message history
✍ Third-party login
✍ Topics of interest
✍ Trade union membership
✍ Vehicle registration records
✍ Veteran status
✍ Video footage
✍ Voice recording
✍ Voice signature
✍ Voter registration records
✍ Work address
✍ Work email address
✍ Work phone
✍ Writing sample (electronic)
The impact of GDPR is global.
GDPR is a legal chapter established by the European Union and directly affects any entity worldwide that applies, handles, processes, and/or monitors personal data of residents (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from. Simply put, you cannot hide from it or avoid it.
Currently, over 23,000,000 companies worldwide in 191 countries conduct some form of business activity which involves European Union residents. Chances are you’re one of these companies.
Here are the 3 key questions you need to immediately ask yourself:
If you answered NO to any one of the 3 questions then we can assist you. GDPR Registrar is designed to provide the platform for entities such as yourself to commit to compliance and to be registered & represented within the European Union as required by law.
Biometrics is the measurement and statistical analysis of people’s unique physical and behavioral characteristics. The technology is mainly used for identification and access control, or for identifying individuals who are under surveillance.
The basic premise of biometric authentication is that every person can be accurately identified by his or her intrinsic physical or behavioral traits.
Biometric identifiers are divided into 2 categories, Behavioral and Physiological.
♀♂ Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to typing rhythm, gait, and voice, otherwise referred to as behaviometrics.
♀♂ Physiological characteristics are related to the shape of the body, including but not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odor and/or scent.
By contrast, non-biometric identification includes token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number.
Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.
You don’t have the right to make a request and gain access to the information of a 3rd party individual, unless you have been properly appointed as the authorized representative of the original individual seeking access to their information.
The entity receiving your request requires:
If the responsible person refuses your Data Subject Access Request on behalf of the entity, they must clearly set out in writing the reasons for the rejection.
If you are not satisfied with the outcome of your request, then you have the right to ask the entity for the details of their independent DPO (Data Protection Officer) to review your case.
One thing people forget, and we wish to make this very clear, especially for small to medium size businesses. GDPR is not designed to put you out of business!!!
GDPR requires you to DEMONSTRATE that you are committed to working towards being compliant.
Don’t act from a position of fear, that’s the biggest and most costly mistake you’ll make.
Do yourself a favor:
When you register for free with us, we’ll give you your free step-by-step plan of action. CLICK HERE TO REGISTER FOR FREE.
We’re not going to lie to you, once you have gone through the plan, you will most likely become a registered member with us and/or with another quality organization for reasons that will become clear to you.
We use your information in fulfilling our obligations to you as a member and as permitted to us via GDPR Article 6 “Lawfulness of Processing”, where the processing shall be lawful only if and to the extent that at least one of the following applies:
✍ the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
✍ processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
✍ processing is necessary for compliance with a legal obligation to which the controller is subject;
✍ processing is necessary in order to protect the vital interests of the data subject or of another natural person;
✍ processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
✍ processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. (shall not apply to processing carried out by public authorities in the performance of their tasks.)
We don’t abuse, take unlawful advantage or compromise your trust when you provide your information to us, and as such:
☑ We don’t share your information with 3rd parties, unless it is required to complete your request. (One example is when you file a complaint against a third party via our platform, we may be required to share your information with relevant 3rd parties to address your DSAR complaint.)
☑ We don’t sell your information to 3rd parties, period!
☑ We don’t ask or gather irrelevant information from you just for the hell of it.
☑ We don’t hold onto your credit-card information and will never ask for your credit card details. (All payments made by you to us will be via Paypal or Stripe gateways or Direct Bank Transfer.)
☑ We don’t make deliberate errors, therefore if you find something on our site not to be right, feel free to tell us and we’ll address it.
☑ We don’t proclaim to be perfect, though perfection is something we continually strive for.
☑ We don’t display your personal name on our site publicly unless you have given us explicit consent.
☑ We don’t share your details with co-workers within our organization unless they have a legitimate interest within their role.
☑ We don’t store your information on physical servers outside of the European Union.
☑ We don’t spam!
☑ We don’t work with entities that do not comply with GDPR Regulations.
As someone that handles personal data of residents (full-time or temporary including foreign tourists) within the European Union, you need to:
☑ Fully understand how you use your data.
☑ Make certain that you’re incorporating GDPR into your data management.
☑ Conduct a thorough evaluation of your current & future data requirements.
☑ Assess the capabilities in managing such data.
☑ Be prepared to execute major changes in how you manage your data.
The top 12 key factors to keep in mind about GDPR protocols regarding European Union Residents (EURs) (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from, include:
☑ Handling data on EURs.
☑ Offering goods and/or services to EURs.
☑ Monitoring and/or tracking the activities of EURs.
☑ Conducting any form of business or commercial activities with EURs.
☑ How serious you are about doing the right thing with EURs data.
☑ How you store EURs data.
☑ How you process EURs data.
☑ How you access EURs data.
☑ How you transfer EURs data.
☑ How you disclose EURs data.
☑ How you interact with EURs data.
☑ How you react to an infringement on EURs data.
The principles are based on entities being responsible in considering what accountability they may or may not need to comply with. This is strictly based on the unique and specific circumstances of their activities and how they utilize the data they receive.
Each entity’s principles of compliance will differ according to interpretation and circumstances. The core principle is being able to demonstrate that you are committed to GDPR Compliance and are being proactive in achieving this target, whilst being able to demonstrate it when required.
Taking this approach will direct you in the right direction towards compliance.
Cookies are small pieces of data stored on a user’s device which allow websites to perform specified actions or preferences.
Cookies are divided into 5 categories:
☀ Targeted Cookies: Used to deliver multiple types of targeted digital ads. They store your user data and behavioral information, allowing advertising services to target you within specified audience groups according to variables including but not limited to: ✍age ✍gender ✍location ✍personal interests ✍website habits ✍search engine habits ✍social media habits, just to name a few.
☀ Necessary Cookies: Used by a website to deliver you the information and services they offer in a secure and optimized manner. In most cases, you must accept these “necessary cookies” to be able to make use of their online systems.
☀ Functional Cookies: They are essential for a website to work, for example: ✍making sure that you don’t have to keep logging into the website each time you visit a different page ✍keeping track of your shopping cart on the website ✍making sure the online live support maintains contact with you, especially when navigating the site.
☀ Performance Cookies: Used for internal purposes to help the website in providing you with a better user experience. The cookies help the operators of the website to better understand how it’s used by visitors, shoppers and members. From this information they can improve the way the site works and deliver better content to you. One example is when they use an external company such as Google to perform such an analysis via their services. In this instance, they may set third party cookies to enable this to function correctly.
☀ Undefined Cookies: This is something of a hit and miss scenario as undefined cookies can come from a number of factors including your personal settings on your device.
Yes, photography is subject to the GDPR regulations.
Once upon a time there were only 2 things certain in life & now there are 3.
The sooner you come to grips with GDPR, the better off you’ll be in the long run.
Following these six steps will place you in good standing with GDPR protocols, setting your path towards a bright future with your audience.
Forget bitcoin, trust is the new currency of the future!
When it’s for contractual reasons, for example you purchased a product, service, made a donation and actions of similar nature, it generally ranges about 6-7 years.
It’s always good to reach out to the entity to clarify this for you. You’ll find that the majority of companies will be more than happy to answer your question. Keep in mind that they have 30 days to respond to you.
Here is a great infographic from Erik Underwood c/o TechRepublic, with interesting insights into why your data is being collected.
Article 27 of the GDPR is the first line of defense. It requires companies without operations in the EU to appoint an EU representative. If that doesn’t happen, non-EU companies will be pursued via local enforcement actions within their country via mutual legal assistance treaties (MLAT), and private prosecutions under similar local laws.
Yes, Non EU Entities have to comply the moment they apply, handle, process, and/or monitor personal data of residents (full-time or temporary including foreign tourists) within the European Union.
Furthermore, it matters not whether you hold onto the data for 1 minute or 10 years.
The logical answer is yes you do, as they are your controllers and processors of the information you receive. Furthermore it matters not whether you are a small family business or a large organization,
The purpose of a certification is to develop a code-of-conduct for your staff to follow, which in return helps them understand the requirements and actions needed in being compliant.
Richard Branson said it best: “Customers come second, employees first. It’s a philosophy that brings unexpected benefits to both the company and its clients.”
The short answer is yes.
In saying that, a monetary fine is only one of the corrective measures included in the GDPR to apply pressure on controllers and processors to comply with the regulation.
Not all violations will result in a monetary fine, and not all fines will be based on the maximum amount, though rest assured it won’t be pocket change either.
A monetary fine is the last step in a long process designed to address the scope of an infringement by a Controller and/or Processor, concurrently assessing on how the organization allowed the infringement to happen in the first place and to monitor what steps have been taken to address the violation and any further violations.