Managing data privacy and security risks: Are you in control of your vendors?

Sonja Pijnenburg

Data protection legislation asks for a different approach to vendor management. As controllers are liable for what their processors do with their customers’ and employees’ personal data, the controller should take action to ensure the processor is in compliance with the applicable legislation. A vendor management strategy is key to minimizing data privacy and security risks. Read our best practices for vendor management under data protection legislation in this blog. Vendor management must be qualified as a lifecycle. As data protection needs to be integrated into your processing activities and …

Investing in data and analytics? Are you doing it right?

Christoph Balduck

What’s the problem? An increasing number of companies (SMEs and large companies) are investing in data & analytics these days. Usually that results in collecting data in a data lake, and launching a number of use cases by a team of data scientists. Although that’s a good first step delivering actual business value in the short run, it often doesn’t optimise your operational efficiency or make sure your business runs on correct facts & insights. Too many businesses investing in data & analytics still have difficulty getting their operational data …

How to better prevent and manage a data breach.

Christoph Balduck

A Portuguese hospital recently got fined 400K Euro for allowing too many professionals access to medical files and for not having its medical records in order. While only having about 300 doctors – it had 900+ doctor profiles registered. Aside from the lack of proper role-based access – the lack of quality data was a fundamental problem. Unfortunately, the majority of companies and organisations around the world still face data quality problems – from multinationals to SMEs. The case clearly shows that not having your personal data in order …

GDPR: What’s still on your To-Do List in 2019?

John A. Walsh

After implementing different GDPR programmes and speaking with colleagues, there is broad recognition that there is still some work to be done to be GDPR compliant. The general consensus appears to be that many organisations continue to struggle with the same kinds of GDPR implementation issues. As we look ahead to 2019, here are some of the key recurring issues that should remain on your To-Do list. Perhaps you can add more? Scope Creep The organisational scope was initially too narrow leading to surprises at a later stage. It is …

Which GDPR software tools are available and best suited to support my GDPR programme?

John M Walsh

Are you involved in implementing a GDPR/Data Privacy programme? A fair question to ask is: “Which of the many off-the-shelf GDPR software tools will help accelerate and support my implementation?” To answer that, we must first align on what we mean by data privacy tools. Broadly speaking, we can split the offerings into three groupings: Documentation, Risk and Monitoring tools: Monitoring and Risk management Assessments such as GDPR readiness assessments, DPIA assessments and Privacy Shield Documentation of items such as the Register, data breach and data subject requests Data description, …

Time to review your Data Privacy/GDPR program budget for 2018 and beyond?

John M Walsh

By now, most companies and organisations are in full swing with their version of GDPR compliance. After a slow start, we notice that those involved with the implementation are getting to grips with the details of GDPR and what it means for their organisation. Once companies get beyond the assessment phase and start really to understand what is involved, there appear to be varied reactions which can be roughly classified into three types of responses: ‘get us across the line with minimal effort’ ‘take risk based approach and do what …

2-Day GDPR Bootcamp

John M Walsh

2 Day GDPR Bootcamp on 21-22 October, 2018. Join us and many other companies on this deep-dive session into GDPR. During the two days, we will go into the details of GDPR and how it can be implemented in a practical manner to meet the compliance requirements set out in GDPR. The training shall be provided by Christoph Balduck of Data Trust Associates, a boutique company focused on Data Privacy and Information Management. Christoph is an EU certified Data Protection Officer (EIPA) and has a wide range of experience in the role …

Are we doing GDPR right?

John A. Walsh

By now your company will probably have started its GDPR journey. As GDPR involves a wide range of topics, all departments of your organisation are involved – either as affected parties, supporting departments or both. That’s why it’s important to not implement GDPR from a purely admin or legal point of view only, but involve IT, data & information management, process management, business architecture and others to support and accelerate the implementation. It’s important not to implement GDPR from a purely admin or legal point of view only, something we …

GDPR: Budget, Gap & the analogy of polluted water.

Christoph Balduck

GDPR? If you haven’t heard of GDPR by now you’ve either been on a deserted island, gone on a digital detox for the last 6 to 12 months, or… anyway you’re one of the few (happy) people not worrying about its impact… yet. If you have heard of GDPR or are busy implementing it, you might be wondering what your implementation budget should be, how big the gap can be and how to convey the message in a simple way to all of your colleagues & management. Budget: In terms of total …