Data mapping document
Henk van Leussen
Hi,
If your RoPA has not been tracked for three years, I would recommend starting the inventory again. You can then choose to re-enter everything from scratch, but comparing and updating is of course also an option.
It is of course important to register all changes and new processing activities from now on.
Google Analytics
Henk van Leussen
Hi,
In the default settings Google Analytics is a Joint Controller.
But why would you damage your company reputation with Google Analytics? Please use Matomo https://matomo.org (former Piwik) and be in full control with data ownership and privacy protection.
Best chat app for businesses?
Henk van Leussen
Of course you can look at a possible alternative. But from a privacy point of view, using Slack is no problem in my opinion. They do not only comply with the GDPR but also with all kinds of other standards and frameworks.
Safe to use.
Collecting Special Category Data for staff
Henk van Leussen
I think that if the purpose of processing and the legal basis are well formulated and there is no compulsion to give consent, it should not be a problem. Hopefully your organisation complies with the GDPR on all fronts.
Posting gifts to employees
Henk van Leussen
An employer is of course allowed to give thank you gifts to his staff, especially around the holidays. The GDPR thinks it is fine if you send it in a time of pandemic and / or working from home. That simply falls under being a good employer, or in other words, implementation of the employment contract. And if you are a more precise DPO, you can use the legitimate interest as legal basis. In practical terms, only employees can object.
Fire destroyed personal data
Henk van Leussen
Hi Phil,
Putting your thoughts on paper and then making the report: I think you have a point there. Now we always start from a standard questionnaire. But are these questions the questions you need for the incident you are dealing with? That’s why I insist that we are not computers, but human beings. So that we can continue to think and draw conclusions ourselves.
Then we can do the reporting.
GDPR vs. Clubhouse
Henk van Leussen
I can write a comprehensive story, but why should I do that if research has already been done? In this blog from privacy-ticker.com >> https://www.privacy-ticker.com/clubhouse-data-protection-issues/, it becomes clear what is wrong.
Here you can read Clubhouse’s privacy policy >> https://www.notion.so/Privacy-Policy-cd4b415950204a46819478b31f6ce14f.
GDPR consultancy concerns/Confusion
Henk van Leussen
And what exactly is your question?
Difference between GDPR and UK GDPR
Henk van Leussen
Waiting and waiting is a disease that many – including non-UK organisations – suffer from…
GDPR fines
Henk van Leussen
In the Netherlands, as in other countries, you can take out cyber insurance. Depending on which insurance company you have and which policy you have taken out, a civil fine as well as a fine from the regulator can be insured.
Hiscox is a well-known name in this.