As a data protection professional, you will often find yourself part of large contractual negotiations in which you are responsible for the data processing agreement. Below are a few tips on how to prepare for a (re-)negotiation of data processing agreements to achieve the best possible outcome. First of all, know the party on the
As cyber security risks increase and new data protection requirements surface, navigating the privacy and security landscape has become ever more onerous and demanding. Even in organisations with well-established and mature enterprise risk management programs, keeping your risk picture updated and actually having your identified risks under control have become an arms race. Below, I will share a few risk-reducing steps that
Bringing your privacy and security program to life involves turning the principles and activities outlined in the framework into concrete actions and processes that can be implemented in practice within your organisation. This typically involves defining clear roles and responsibilities, establishing clear lines of communication and decision-making, and setting up systems and processes for monitoring and ultimately enforcing compliance with
The rise of the Data Protection Officer
In the final months of preparation for GDPR, Europe witnessed the proliferation of a new work function. All over Europe organisations were appointing data protection officers to ostensibly achieve compliance with the new regulation. A lot of water has passed under the bridge since then. Organisations have now had the opportunity to work
How should we staff our privacy function?
A question that regularly comes up when we are working with clients is, “how should we staff our privacy function?” It is normally the CFO that asks the question from the financial perspective, and often the CEO will ask “What do our competitors do?” The answer is not as simple as one would
Last week, I had a long and interesting discussion with one of the leading Scandinavian data protection lawyers. We normally see eye to eye on most matters, so I was genuinely surprised to find myself disagreeing with his position on one of the most fundamental building blocks of data protection regulation, namely the position of the Data Protection Officer (DPO).
The ever-increasing need for access to data for business development purposes and the increasing regulatory requirements have catapulted data governance into the business environment. This means that data needs to be managed, controlled, and developed in accordance with existing business principles of asset management. However, the value of privacy in a business context must be assessed using the same criterion