We've compiled a list of the biggest GDPR fines ever issued so far to show businesses the consequences of not complying with the GDPR.| Termly
Each supervisory authority shall ensure that the imposition of administrative fines pursuant to this Article in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual case be effective, proportionate and dissuasive. 1Administrative fines shall, depending on the circumstances of each individual case, be imposed in addition … Continue reading Art. 83 GDPR – General conditions for imposing administrative fines| General Data Protection Regulation (GDPR)
The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk. 1Where the supervisory authority is of the opinion that the intended processing referred … Continue reading Art. 36 GDPR – Prior consultation| General Data Protection Regulation (GDPR)
To help businesses understand the consequences of not securing data, we’ve created a list of the biggest data breaches of all time.| Termly
Masha is a Data Privacy Specialist and a Certified DPO. She's been helping small and medium-sized enterprises achieve legal compliance for six years.| Termly
Between data laws and consumer demand, opt-in and opt-out mechanisms are a critical part of running any online business. Learn the difference and how-to use each method of getting consent!| Termly
Data controllers and data processors work in unison, however one reports to the other along with other differences.| Termly
A data processing agreement (DPA) is a legal contract outlining the rights and obligations of the parties involved in data processing.| Termly
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level … Continue reading Art. 32 GDPR – Security of processing| General Data Protection Regulation (GDPR)
We cover everything you need to know about Data Subject Access Requests (DSAR) and how you should respond to a DSAR.| Termly
This easy-to-digest guide outlines everything that businesses need to know about the Virginia Consumer Data Protection Act (VCDPA).| Termly
This easy-to-digest guide outlines everything that businesses need to know about the Utah Consumer Privacy Act (UCPA).| Termly
Find out what personal information is under a variety of data privacy laws and learn how to protect it and keep your business compliant.| Termly
Use our free consent management platform to obtain proper consent for cookie usage and data collection according to data privacy laws.| Termly
The controller and the processor shall designate a data protection officer in any case where: the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope … Continue reading Art. 37 GDPR – Designation of the data protection officer| General Data Protection Regulation (GDPR)
Connecticut's new consumer data privacy law is the latest state law regulating consumer privacy online and will go into effect July 1, 2023.| Termly
The Colorado Privacy Act was inspired by many data privacy laws that came before it, but it also does some things differently.| Termly
The California Consumer Privacy Act (CCPA) is a California privacy law in effect since Jan 1, 2020, which gives consumers more data rights.| Termly
We take a look at the subtle differences between personal and sensitive personal information and how your business needs to handle each one.| Termly
For the purposes of this Regulation: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to … Continue reading Art. 4 GDPR – Definitions| General Data Protection Regulation (GDPR)
1Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. 2That record shall contain all of the following information: the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer; the purposes of the processing; a … Continue reading Art. 30 GDPR – Records of processing activities| General Data Protection Regulation (GDPR)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to … Continue reading Art. 17 GDPR – Right to erasure (‘right to be forgotten’)| General Data Protection Regulation (GDPR)
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Paragraph 1 shall not apply if the decision: is necessary for entering into, or performance of, a contract between … Continue reading Art. 22 GDPR – Automated individual decision-making, including profiling| General Data Protection Regulation (GDPR)
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of the data protection officer, where applicable; the purposes of the processing for which … Continue reading Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject| General Data Protection Regulation (GDPR)
Use our free privacy policy generator to create a CCPA, GDPR, and CalOPPA compliant privacy policy for your website, app, SaaS, and more.| Termly
We take a look at the most alarming data privacy statistics that showcase why businesses need to take data privacy seriously.| Termly
Personal data shall be: processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research … Continue reading Art. 5 GDPR – Principles relating to processing of personal data| General Data Protection Regulation (GDPR)
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of … Continue reading Art. 13 GDPR – Information to be provided where personal data are collected from the data subject| General Data Protection Regulation (GDPR)
Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. 1The processor shall … Continue reading Art. 28 GDPR – Processor| General Data Protection Regulation (GDPR)
The insights capture the views of 8,000 consumers across the UK, France, Brazil, South Korea and the USA to derive the key challenges and fears that consumers face around data privacy.| Truata