Search

Since 25 May 2018, the General Data Protection Regulation imposes stricter accountability obligations on private and public actors. You will be required to constantly ensure that the rules set out in the Regulation are followed and must be able to

Both you and your processors shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These security measures shall take into account the state of the art, the costs of implementation

Only choose processors that provide sufficient guarantees to ensure the protection of the personal data processed. Conclude a contract that sets out the processor’s obligations concerning the security, the confidentiality and the protection of the processed personal data.

To demonstrate your compliance with the Regulation, you must maintain the necessary documentation. To continuously ensure the protection of the personal data you processed, you must regularly audit the actions and documentation relating to every phase of the processing operations

If the European Commission does not recognise the country to which you are transferring personal data as adequate, you must provide appropriate safeguards when transferring personal data outside the European Union.

If you have determined that the processing is likely to result in a high risk to the rights and freedoms of data subjects, you must carry out a data protection impact assessment (DPIA) for each processing operation. The DPIA allows...

The General Data Protection Regulation grants certain rights to individuals and defines their conditions and limitations. The controller has to make sure that data subjects can exercise the following rights: 1. Information to the data subject You must inform data

Privacy by design Privacy by design means implementing appropriate security measures at the earliest stages of the development of your products and services. Privacy by default The principle of privacy by default requires the adoption of measures to ensure that

You notice that information concerning you is inaccurate or irrelevant. Instead of requesting the erasure of the data, you prefer a restriction. You shall have the right to obtain from the controller restriction of processing where one of the following

You are visting a search engine (Google, Bing, Yahoo etc.) and, when you enter a combination of your first and last name, you find a search result that is wrong or irrelevant. What can you do? Contact the search engine

The Data Protection Officer (DPO) has an important role in the legal framework created by the General Data Protection Regulation (GDPR). Articles 37 to 39 GDPR lay down the rules applicable to the designation, position and tasks of the DPO

If you have noticed that personal data concerning you is inaccurate, incomplete or simply not up to date, you can request to rectify it. If contacted, the controller has to correct the inaccurate information concerning you. This right prevents an

The General Data Protection Regulation grants you rights that allow you to control the use of your own personal data:

You change you online provider and want to retrieve your data? The right to data portability allows you to receive, free of charge, the data you provided to a controller, in a structured, commonly used and machine-readable format

If the retention of data concerning you is no longer justified, you may request their erasure. If the controller has no legitimate reason (e.g. legal obligations at the accounting level) that justifies the retention of your data, then they

Your bank refuses to give you a loan because the “system does not want”, what can you do? Ask for explanations and if necessary contest this decision taken without human intervention. Indeed, you have the right to be informed about

You can exercise your right of access by contacting the controller directly and ask to obtain the personal data he concerning you and certain additional information. Examples : You buy a product on the Internet and want to know what information

Article 92 - Exercise of the delegation Article 93 - Committee procedure Article 92 - Exercise of the delegation The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article. The

Article 85 -  Processing and freedom of expression and information  Article 86 - Processing and public access to official documents Article 87 - Processing of the national identification number Article 88 - Processing in the context of employment

Article 94 -Repeal of Directive 95/46/EC Article 95 - Relationship with Directive 2002/58/EC Article 96 - Relationship with previously concluded Agreements Article 97 - Commission reports Article 98 - Review of other Union legal acts