lawful-basis

GDPR Lawful Basis Management

The first thing that most likely comes to the mind when people hear about GDPR is “consent”. That is understandable, as better part of the buzz around GDPR is about customer identities and digital marketing. But this emphasis on consumer identities is casting shadow on other aspects of GDPR that are at least as much[…]

consent-part-2

GDPR – Consent part II.

Consent under the GDPR looks like really complex and complicated issue. Let’s see what we can already clearly explain. To achieve all stated requirements, you need to structure the consent granularly and give data subjects some options. Consent must be “specific”. Blanket consent without stating the exact purpose is not valid, but the GDPR does[…]

GDPR– consent

GDPR – Consent part I.

As we are getting closer to the practical side of processing personal data under the GDPR, firstly we need to understand the reason of processing expressed in lawful basis. The first and most discussed basis is obviously a consent. Today we will identify the nature, characteristics and features of the consent needed to process personal[…]

gdpr-subject-matter-and-scope-thumb

GDPR – Subject matter and scope

Now when we are familiar with GDPR principles and Rights of data subjects it is time to move on and uncover the content and territorial reach of GDPR. We will explain what data, systems and persons are protected by GDPR and who is bound to do so. GDPR applies to all contexts across all sectors.[…]

GDPR–rights-and-principles-III-thumb

GDPR – Rights and principles III.

This article is the last continuation of the GDPR principles series. In the previous articles you could read about the purpose limitation principle and data minimisation or accurancy and data retention periods. Now let’s learn about data security and Accountability. Data security Controllers are responsible for ensuring that personal data are kept secure, against both external and internal threats. This[…]

GDPR rights and principles II

GDPR – Rights and principles II.

Last article was devoted to the principles concerning controller’s duties. On contrary, today’s principles will express what data subjects may call for. Accuracy Personal data must be accurate and kept up to date, in other way it should be deleted or amended. So far nothing new in comparison with the Directive. The controllers must make[…]

GDPR - Rights and principles I.

GDPR – Rights and principles I.

Today we will continue discovering GDPR principles by giving attention to two new principles introduced by GDPR. Both of them seem to be burdensome and restrictive for controllers, presenting their new duties and restraints. The purpose limitation principle The purpose limitation principle says the personal data collected for one purpose should not be used for[…]

midPoint-and-GDPR-thumb

midPoint and GDPR

General data protection regulation (GDPR) is all about good management of identity data. And that is exactly what identity management (IDM) technologies do. Also, it is unlikely that GDPR compliance can be effectively implemented without any support from the technology. And that’s where IDM systems come in again. Overall, IDM technologies are almost perfect fit[…]

GDPR-evolution-not-revolution-thumb

GDPR – The Evolution, not the revolution

Many years have passed since the actual data protecting regime had been set. The technology is making huge steps and virtual environment is full of new threats. The personal data are of a great value in such environment. Therefore, the data protection deserves a proper attention. And GDPR should provide more safety. To understand any[…]

gdpr-and-identity-management-thumb

GDPR and Identity Management

General Data Protection Regulation: a lot of people are already familiar with that. Much more people will have to get familiar with it quite soon. GDPR may be seen as a trouble and there is definitely a lot of work to be done for GDPR compliance. But, honestly, such regulation was bound to happen sooner[…]