AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal

Introducing end-to end automation of personal data removal

State-of-Privacy-Assessment (SOPA)

Unstructured Data: What it is and How to Discover it

14/09/2023

Learn the terms

Rights in relation to automated decision making and profiling

Clinical Trial Regulation (CTR)

Soft opt-in

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Saudi Arabia’s Personal Data Protection Law PDPL

24/08/2023

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

The Value of Data Discovery Solution In Pharmaceutical Industry

22/03/2023

Personal Information Protection Law (PIPL)

The Chinese Personal Information Protection Law (PIPL) is a comprehensive data privacy law that was passed by the Standing Committee of the National People’s Congress on August 20, 2021, and came into full effect on November 1, 2021.

The PIPL is the first national-level data privacy law in China and is designed to regulate the collection, use, processing, and transfer of personal information by both public and private entities.

Under the PIPL, individuals have the right to know and consent to the collection and use of their personal information, and have the right to request that their personal information be deleted, corrected, or suspended. The law also requires organizations to implement measures to protect personal information, including implementing security measures and appointing a data protection officer.

One of the most significant features of the PIPL is its extraterritorial reach, which means that it applies to any organization that processes the personal information of individuals within China, regardless of where the organization is located. This includes organizations outside of China that offer goods or services to individuals within China or analyze the behavior of individuals within China.

Overall, the PIPL is seen as a major step forward for data privacy in China and is expected to have a significant impact on businesses operating in China, as well as those outside of China that process personal information related to Chinese individuals.

Rights according to the PIPL

The Chinese Personal Information Protection Law (PIPL) guarantees several rights for individuals regarding their personal information. These include:

Right to be informed: Individuals have the right to be informed about the collection, use, and storage of their personal information.
Right to access and correct: Individuals have the right to access and correct their personal information held by organizations.
Right to deletion: Individuals have the right to request the deletion of their personal information under certain circumstances, such as when the information is no longer necessary for the purpose for which it was collected or when it was collected illegally.
Right to object: Individuals have the right to object to the processing of their personal information in certain situations, such as when the processing is for direct marketing purposes.
Right to portability: Individuals have the right to receive their personal information in a structured, commonly used, and machine-readable format and to transfer that information to another organization.
Right to withdraw consent: Individuals have the right to withdraw their consent to the processing of their personal information at any time.

All
A
B
C
D
E
F
G
Glossaries
H
I
K
L
M
N
O
P
R
S
T
U
V

Access Control

Accountability principle

Accuracy

Anonymization

Article 29 Working Party

Audit trail

Authentication

Behavioral Advertising

Biometric Data

Breach disclosure

California Consumer Privacy Act (CCPA)

California Online Privacy Protection Act (CalOPPA)

CIA Triad

Clinical Trial Regulation (CTR)

Compliance

Consent

Cookie consent

Cookies

Cross border processing

Cybersecurity

Dark Data

Data Breach

Data Controller

Data Domain

Data Governance

Data Graveyard

Data interception

Data Minimization

Data Privacy

Data Processor

Data Protection Authority

Data Protection Officer

Data Quality Management

Data Removal

Data Retention

Data Subject

De-identifiable data

Defensive Data Strategy

Direct Marketing

e-Privacy Directive

Encryption

EU member states

EU-US Privacy Shield

European Commission

European Council

European Court of Justice (ECJ)

European Data Protection Board (EDPB)

European Data Protection Supervisor (EDPS)

Explicit consent

Fairness

FDPIC

GDPR fines

GDPR Principles

General Data Protection Regulation

Genetic data

HIPAA

Incident response

Information Privacy

Invisible processing

Keylogging

Lawfulness

Lead Supervisory Authority (LSA)

Legal Basis for Processing

Machine learning

NDPR/ Nigeria Data Protection Regulation

NIST Privacy Framework

NYOB

Offensive Data Strategy

Opt-in

Opt-out

Payment Service Directive (PSD2)

Personal data