Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

AZOP Initiates Investigation Against Political Party for Potential GDPR Violation

vote database gdpr violation

The Croatian Personal Data Protection Agency (AZOP) has initiated proceedings against the Social Democratic Party of Croatia (SDP) for keeping a database of its members, voters, and supporters, with suspicion of potential violation of the General Data Protection Regulation (GDPR).

The Trigger for the Investigation

The media reported on accusations by SDP members against Damir Barbier, their former member and ex-president of the Split branch.

They claimed that upon leaving the party, he misappropriated a database containing data on 12,000 individuals—members, supporters, and potential voters—and used it to call and campaign to persuade them to vote for him ahead of the parliamentary elections, which ultimately triggered the investigation.

GDPR Requirements for Political Parties

Political parties and other participants in election processes, as data controllers, are not required to provide the Agency with information on voters’ or supporters’ databases. However, all relevant provisions of the GDPR apply to them.

This means that for each database containing data on individuals, political parties are required to determine the purpose of processing and legal basis and to meet one of the conditions on the processing of special categories of personal data from Article 9 of the GDPR, considering that data on political beliefs is classified as a special category of personal data and enjoys special protection.

Additionally, AZOP explained that political parties are obligated to implement appropriate organizational and technical measures to safeguard such databases from any unauthorized alteration, destruction, unauthorized access, and similar, all in accordance with the principle of personal data security and ensuring the integrity, confidentiality, and availability of data.

Supervisory Activities So Far

AZOP’s supervisory action over the Social Democratic Party of Croatia is underway, and it is announced that the same will follow for all other entities reported in the media as being involved in potential personal data breaches.

Recently, the Croatian Personal Data Protection Agency has shown increased activity, which should serve as a warning to all companies and organizations to bring their processing of personal data into compliance and avoid potential risks and reputational damages.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top