Category: GDPR

What is a DPA? A Data Processing Agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the scope and purpose of

What is Data Breach? According to General Data Protection Regulation (GDPR), a personal data breach is a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to,

Direct marketing includes text messages (SMS) and emails that a customer receives from a product or service provider. But activities of direct marketing may include multiple steps:  collecting personal data from potential customers, creating profiles

What do companies have to include in the records of processing activities? GDPR Article 30 requires companies to keep an internal record, which contains the information of all personal data processing activities carried out by

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They provide expert advice on data protection issues and handle complaints

This is a simple GDPR compliance checklist for controllers that you can use to ensure you have considered most important aspects of the GDPR. Before starting, you should first determine whether you process personal data

What are ‘controllers’ and ‘processors’? With this short and simple article, we will try to explain the basics of controllers and processors. Controllers are the main decision-makers – they exercise overall control over the purposes

As we see every day, most companies and organisations still keep their Records of Processing Activities in spreadsheets. Through our experience, we have seen a lot of different formats and approaches. Often such spreadsheets don’t

In the light of the recent ruling of the European Court of Justice, website owners have to bear in mind their data protection responsibilities when using plugins on their websites. This case concerns the German

A year after GDPR came into force, the Lithuanian Data Protection Authority (VDAI) has issued its first administrative fine. UAB ‘Mister Tango’, a company that provides financial operation services globally, was fined 61,500 EUR in respect of