GDPR Journal
GDPR COMMENTS & ADVICE

GDPR Notes

Article 30 - Record of Processing Activities - what should it contain?
The Record of Processing Activities serves to enable an organisation to have a clear picture, internally, of processing activities as well as providing evidence to authorities as how to data is being used.
May 5, 2021
When do you need to conduct a DPIA?
Under Article 35(1) of the GDPR companies and organisations are required to conduct a Data Protection Impact Assessment where their processing activities are likely to result in high risk to the rights and freedoms of data subjects. The DPIA should be done BEFORE processing begins, in line with the principles of data processing by design and default
February 19, 2021
Article 27 - the EU Representative
Almost three years into the GDPR, companies, by now, understand they have to be GDPR compliant but they don’t always know that if they are a Non-EU company falling under the scope of GDPR, that does not have an enterprise in the EU, they will probably need an EU representative to be in place, as provided by Article 27.
January 25, 2021
Brexit - what happens to data flows now?
A temporary solution has been agreed between the UK and EU to allow data flows to continue for a period of up to six months following the United Kingdom’s departure. Data transfer arrangements currently in place will continue for this defined period while it is being decided whether the UK will be given ‘adequacy’ status.
December 30, 2020
CNIL issues fine to tech giants over tracking cookies.
Automatic dropping of cookies onto visitors to both Amazon.fr and Google.fr have landed the two companies with huge fines. The French data protection agency, CNIL, has issued penalty notices of €35 million and €100 million respectively after an investigation into breaches of Article 82 of the GDPR.
December 14, 2020
Facebook Messenger Ads New Rules for GDPR - Messenger Ads shown in European Economic Area EEA
Facebook is updating its Messenger products to align with new GDPR privacy rules in Europe. This change will impact businesses globally that use Messenger ads products in the European Economic Area (EEA) and will result in some features being unavailable.
December 9, 2020
Cookie Walls - EDPB updated guidelines release
‘Cookie walls’ are not legal. This was the message reinforced by them on Monday in the update to their guidelines, in which they reiterated that consent should always be freely obtained. Clearly, permission is not at all free if a user has to accede to something in order to access a website.
May 7, 2020
GDPR & COVID-19
Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic.” This, the summary by the Chair of the European Data Protection Board (EDPB) dated 19 March 2020.
April 16, 2020
The Data Protection Officer (DPO)
The idea of having a Data Protection Officer within a company or organisation is to offer a further measure of security and added protection of the data that is collected and held, the DPO effectively acts as an extra safeguard
March 11, 2020
GDPR Checklist - Small and Medium Sized Businesses
If you are a small or medium sized business finding that GDPR feels like an overwhelming task, focus of some key areas and objectives and get some of the important things off the list.
January 14, 2020
GDPR Checklist - Data Privacy by Design
Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start of any project or when a change in the way data is used with your organisation occurs.
January 8, 2020
GDPR Checklist - California’s GDPR - California Consumer Privacy Act (CCPA)
Sometimes referred to as ‘California’s GDPR’, there exists some significant difference between how data types and subjects rights are defined. Important differences include that definitions tends to be broader under CCPA and CCPA covers more types of data.
December 6, 2019
GDPR Checklist - GDPR Compliance Subject Access Requests (SARs)
The first step when addressing the issue of Subject Access Requests (SARs) then is to ensure all staff members know what they are and crucially what they need to do with them.
November 28, 2019
GDPR Checklist - ePrivacy Regulation & Cookies
If your website is based in the EU or directed towards EU citizens and you use cookies you must comply with the EU’s ePrivacy Directive which means consent to use cookies must be obtained before they are placed.
November 19, 2019
GDPR Checklist - GDPR Data Transfers EU and Other Countries
When data is transferred outside of your organisation to another EU country it is always recommended that you put a contract in place that specifies the conditions of the data transfer.
November 15, 2019
GDPR Checklist - GDPR Consent Checklist for the Processing of Personal Data
Consent within GDPR relates to you as an organisation clearly stating what a data subject is agreeing to and what rights that have when they agree to their personal data being processed.
November 7, 2019
GDPR Checklist - Maintaining GDPR Compliance Through Record Keeping
The GDPR requires that you keep continuous records of activities within your organisation and you need to ensure compliance is being maintained by regularly updating them.
November 6, 2019
GDPR Checklist - GDPR No Deal Brexit
If the UK leaves the EU in a “No-Deal Brexit”, the UK will drop to "3rd country status" with no adequacy decision awarded.Under the GDPR, personal data can only be transferred to third countries in compliance with the conditions for cross-border data transfers set out in Chapter V (Articles 44 to 50, GDPR).
November 4, 2019
GDPR Checklist - GDPR Data Audit
Conducting an organisation wide data audit to find out what personal data is being held, where and by whom. Once the data audit is complete, you should have a clear idea of what data your organisation keeps and how it is being used.
November 4, 2019
GDPR Checklist - Types of Hacking Attacks and What To Do About Them
Most security breaches are performed by people inside the organisation running the target system. The most comprehensive software security configuration in the world means nothing if someone can approach your machine and boot a USB containing exploit code.
August 31, 2019
GDPR Checklist - The Flame Virus
Flame was a game changer for malware threats. It became an instrumental tool for cyber attacks. Sophisticated threats will mean the requirement for sophisticated proactive security and an agreed robust international legal framework. Otherwise Governments will continue to evolve and use their Cyber weapons. At the very least these attacks are a wakeup call for all businesses nationally as well as internationally to adhere to compliance standards that will help protect their business and customer data.
August 31, 2019
Channel Partners
PanoSec Channel Partners Program is focused on web agencies, technology companies, security VARs, SaaS service providers, business continuity experts and insurance companies who will use PanoSec as a part of their security offer to end users.

Start Now