+44 1772 217800 
+353 01 554 9700 
+1 303 317 5998Important news: New IDTA and Addendum to the EU SCCs
source: www.penneo.com […]
Read More… from Important news: New IDTA and Addendum to the EU SCCs
Author: Stefanija Rikaloska
Posts by Stefanija Rikaloska
Data protection and AI
When discussing technology advancements, it’s hard not to talk about the General Data Protection Regulation (GDPR) at the same time. Technology, has been the principal problem that data protection laws are trying to solve.The GDPR’s focus on technology is much more explicit than its predecessor, the Data Protection Directive. That’s because technical development allows for […]
ROPA – Requirements and Exemptions
The obligation to create and maintain Records of Processing Activities [ROPA] applies to the majority of controllers and processors, and – for non-EU companies – their EU Representatives. The legal provisions on the register of processing activities are regulated in Article 30 of the GDPR. A widespread misconception concerning ROPAs is that this duty applies […]
Data Protection and Corona Virus
Since vaccinations against corona virus became available, the employers have been increasingly seeking to know their employees’ vaccination status. However, the vaccination status classifies as a health data, which is a special category of personal data under the GDPR. Due to it’s sensitive nature, processing of such personal data is generally prohibited, unless an exception […]
Can you refuse to comply with a Data Subject Access Request [SAR]?
The right of access under GDPR gives data subjects the right to obtain a copy of their personal data. It helps them understand how and why you are using their data and whether you do it lawfully. However, GDPR, DPA 2018 and ICO recognise that, in some circumtances, you might have a legitimate interest for […]
Read More… from Can you refuse to comply with a Data Subject Access Request [SAR]?
Opt-in and privacy rules in EU and USA: key differencies
While opt-in rules in the U.S. and the EU differ, the intent remains the same. These laws aim to protect consumers against unwanted marketing communications. Because data privacy is not a privilege, it is a right. Before engaging in email marketing activities, it is crucial to follow the regulations and market’s best practices to avoid enforcement […]
Read More… from Opt-in and privacy rules in EU and USA: key differencies
USA e-mail marketing rules
In the United States, direct marketing by e-mail is regulated by the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act or so-called CAN-SPAM Act. The Congress passed the CAN-SPAM Act to address the problem of unwanted/spam emails. Its compliance is monitored by the Federal Trade Commission. The CAN-SPAM Act covers all commercial messages, which […]
What US-based companies need to know about GDPR
The EU General Data Protection Regulation [GDPR] is designed to strengthen and unify the protection of personal data of EU data subjects i.e., EU citizens, residents and even, perhaps visitors. For this purpose, the regulation is extraterritorial in scope. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy. […]
Read More… from What US-based companies need to know about GDPR
The 10 biggest GDPR fines to date – and yes, we are talking hundreds of millions worth of fines
It’s been three years since the introduction of one of the toughest data protection laws – the European General Data Protection Regulation [GDPR]. Since the regulation took effect in May 2018, hundreds of millions of euros worth of fines have been issued across the European Economic Area and the U.K. Any organisation, be it a […]
Getting management to care about GDPR
The GDPR is seen as the gold standard for data privacy and protection around the world. If breached, the enforcement can be harsh, to say the least. Infringement of some of the GDPR laws can result in fines, big fines. For example, a €20 milion or 4% of global annual turnover fine (whichever is greater) […]