The right of access gives the individual the ability to learn whether his or her personal data are being processed. If an individual’s personal data are being processed, the individual has the ability to obtain the following information: The purposes of the processing; The categories of personal data being processed; The recipients or categories of […]
Author Archives: GDPRsimple
The right of information – What information should be in a “website” privacy notice?
As was discussed in an earlier blog, a “website” privacy notice is an amalgam of “individual” and “third-party” privacy notices, and it is posted by an organization on its website so interested individuals can ascertain what an organization’s privacy practices are and so visitors to the website can determine what personal data are collected when […]
The right of information – What information should be in a “third-party” privacy notice?
As was discussed in an earlier blog, a “third-party” privacy notice is one where the personal data have not been obtained from the individual. As in an “individual” privacy notice, the purpose of the processing must be included in the “third-party” notice, and if there is further processing of the personal data that is different […]
When the NY AG comes a knocking … Zoom responds to privacy and security concerns. What are they? Is it enough?
As I wrote in a blog last week, Zoom meetings now require a password. In that blog, I wondered what was causing Zoom to add this requirement at this time. I speculated it could be a new security incident but couldn’t find any evidence of such an occurrence. Now we know the reason was Zoom’s […]
The right of information – What information should be in an “individual” privacy notice?
As was discussed in the last blog, an “individual” privacy notice is one that is provided by the controller to the individual at the time the personal data relating to the individual are obtained. The notice sets forth the purposes of the processing. If there is further processing of the personal data that is different […]
Passwords & Zoom…
Tuesday evening Zoom sent an email advising that starting May 9th it is requiring all customers to use passwords. If participants join by clicking a link with a password embedded (a practice I recommend against for reasons mentioned in my earlier blog), there’s no change in how a participant joins a meeting. If a participant […]
The right of information – What types of privacy notices are there?
As mentioned in the previous blog, the right to information (Articles 13 and 14 of the GDPR) requires the controller to provide to the individual certain information when personal data are collected from the individual and are obtained from other sources. The documents, either printed or electronic, by which this information is provided can be […]
What types of individual rights are there under the GDPR?
Last week I wrote a blog about how the UK and the Irish regulators are being more lenient if you need more time to respond to requests under the GDPR. That blog did not describe or explain those requests. As mentioned in last Friday’s blog on GDPR terminology, there are eight individual rights set forth […]
What’s with all that jargon in the GDPR?
Yesterday I wrote a blog about how the UK and the Irish regulators are being more lenient if you need more time to respond to requests under the GDPR. If you don’t know anything about those requests, that blog didn’t enlighten you. There are eight individual rights set forth in the GDPR. Seven of these […]
COVID-19 Leniency by EU Regulators does not Mean that you get off Easy
What do SMEs do if COVID-19 has interfered with their ability to respond to GDPR (General Data Protection Regulation) requests? The GDPR requires organizations to provide individuals information on actions they have taken on access, rectification, erasure, restriction, portability, objection, and automated decision-making requests within one month of receipt of the requests. That time period […]