What does the GDPR mean for your business?

Implementing the principles of the General Data Protection Regulation (GDPR) is an ongoing process.

To an uninformed observer, it may look as though not much changed after 25 May 2018. However, there are slight improvements that indicate the direction of the process, most notably in general awareness of compliance challenges, in knowledge about good and bad practices, and, on a larger scale, in the fact that different countries across the globe have realized the urgency of passing laws similar to the GDPR.

This means that supervisory authorities are getting stricter with fines, and the public is generally gaining a better understanding of its rights and how to exercise them.

As a business, you will have to deal with more knowledgeable customers and implement several data privacy and security measures. Privacy is a new strategic vision for any company that wishes to keep its customers.

Data protection principles

Personal data must be processed lawfully and collected only for specific, explicit purposes. Collected data have to be minimized, accurate, and kept up to date.

It must be processed in a way that ensures appropriate security and protection against unauthorized or unlawful processing, accidental loss, and destruction or damage, using appropriate technical or organizational measures.

Six principles for processing of personal data

1. Lawfulness, fairness, and transparency

The GDPR states that you must inform an individual of any personal data processing in a timely manner and in clear, easily understandable language.

There is a mandatory list of information that must be disclosed to an individual before their personal data is processed.

2. Purpose limitation

You must only collect personal data for a specific, explicit, and legitimate purpose. You must clearly state the purpose of the collection and collect data only for the time necessary to complete that purpose.

3. Data minimization

You must ensure that the personal data you process is adequate, relevant, and limited to what is necessary for your processing purpose.

Put the data minimization principle into practice at your data collection points, and make sure the data subject is notified of who collects the data, how their personal data is used, how long you will keep the data, and whether any third parties are included in the processing.

5. Accuracy

You must take every reasonable step to update or remove inaccurate or incomplete data. Individuals have the right to request that you erase or rectify erroneous data related to them, and you must do so within a month.

6. Storage limitation

You must delete personal data when you no longer need it. The time scales, in most cases, aren’t set. They will depend on your business’ circumstances and why you collect this data.

7. Integrity and confidentiality

You must keep personal data safe and protected against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

8. Accountability

The General Data Protection Regulation integrates accountability as a principle that requires organizations to implement appropriate technical and organizational measures and to demonstrate compliance to the supervisory authority.

The accountability principle requires you to demonstrate compliance with the GDPR and explicitly states that this is your obligation. You are expected to provide comprehensive but appropriate measures that minimize the risk of misuse and protect personal information.

These measures can include:

  • Keeping appropriate documentation on what personal data is processed, by whom, and for how long
  • Keeping compliant Records of processing activities
  • Introducing internal procedures for the GDPR processes
  • Appointing a Data Protection Officer or documenting internal analysis of whether you need to appoint a DPO or not, so you can demonstrate that all relevant factors were taken into account
  • Introducing appropriate IT measures and systems for processing, managing, and protecting personal data

Data Breach

A critical concern that warrants attention is the risk of a data breach, an ever-present threat that can affect companies of varying sizes, whether they are large enterprises or smaller organizations.

A data breach is a security incident in which information is accessed without authorization or disclosed unintentionally. A personal data breach can be:

  • Access by an unauthorized 3rd party
  • Changing the data without permission
  • Action or inaction by a controller or processor, whether deliberate or accidental
  • Sending data to the wrong recipient, etc.

In case of a data breach, the company will have to notify the supervisory authority and the affected individuals within 72 hours of the breach’s occurrence.

Such a scenario might result in GDPR fines of up to 20 million EUR or 4% of the company's annual turnover.
