Here are four quick summary definitions that will help you get started with GDPR. You can read much more on these elsewhere, but these are a useful starting point:
The EU’s GDPR pulls together existing privacy and data regulations and adds tighter definitions, compulsory opt-ins on marketing, and significantly higher sanctions for personal data breaches, which in some cases are uncontestable.
The Data Protection Officer (DPO) is responsible for ensuring compliance with GDPR.
Affino does bulk profiling of contacts when logging, interests, or conversion events are enabled. Your organisation will therefore be ‘bulk data profiling’, and a DPO will be required by your organisation, with a direct reporting line to the board.
LIAs are used to identify where ... processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data ...
You will therefore need to write up your LIAs to cover all the personal data your organisation holds and identify the legitimate interests in holding and using this data.
A Data Protection Impact Assessment, also known as a PIA, is an assessment to identify and minimise GDPR non-compliance risks. You must have one in place to ensure compliance with GDPR.
For more detail on each, start by referencing the ICO documentation, read up on it more broadly, and make sure you seek legal advice on how this pertains to your organisation, especially if you are the DPO who’s running the PIA and prepping for your GDPR LIAs.
20 years of digital business experience with: Audi, BBC, Casio, Diesel, EMI, MasterCard, Rovio, UBM, UMG, and now Gill, Procurement Leaders, Briefing Media, Ocean Media, and IDG. Lead consultant for digital business transformation.