White Label

Our Blog

Global Data Transfers
Data Transfers
Henrik Rubaek Joergensen

Managing international data transfers

International data transfer often comes with a list of regulatory requirements. Companies need to ensure that robust processes are in place to assess the need for Data Transfer Mechanisms.

Read More »
Dale Waterman

Leadership and Culture in Data Governance and Data Protection

Introduction We are undergoing a technological revolution that is unlike anything we have experienced before. The speed of the disruption to almost every industry is not easy to anticipate yet we see evidence of the impact everywhere. It is changing the way we live and work – and Covid-19 is likely to accelerate this digitization. Digital transformation, and with it the focus on big data analytics and the adoption of evolving technologies like IoT, cloud computing and AI, is making every business a data business. For any organisation, data will likely become the air you breathe. This article aims to

Read More »
AI and Machine Learning in the DPIA
Ula Krokay

Artificial Intelligence in the (D)PIA

Background AI is a hot topic, not least among the Data Protection Authorities, who have recently been very active developing guidance papers aimed at helping organisations grasp and assess the complexities involved. Examples of such publications include the very recent and open for consultation ICO’s AI auditing framework, or 2018 report from Norwegian DPA on Artificial Intelligence and privacy. These documents look at implications for data protection, and challenges of AI compliance with GDPR. This blog article attempts to present selected considerations and challenges that DPOs should keep in mind when preparing a DPIA for Artificial Intelligence. It does not comprehensively cover all aspects of data protection compliance, rather it

Read More »
Secondary use of data under the GDPR // Paulina Zagorska // White Label Consultancy
secondary purpose
Paulina Zagórska

Secondary use of data under GDPR

Introduction Since GDPR entered into force a lot has been said and written about the way organisations can collect and then process personal data they have. In my opinion though, not much attention has been devoted to re-using personal data that already are in companies’ databases. Under the GDPR any processing of personal data is possible subject to fulfilment of several principles and conditions. One of them (and in my opinion one of the most important) is the purpose limitation principle. Organisations subject to the GDPR regime are not only required to specify the purpose for which they want to

Read More »

Welcome to WLC Blog

Notwithstanding the excellent quality of much of the data privacy content available, the availability of information in relation to the practical implementation of data privacy requirements and best practices is limited, and the practical struggles that an organisation faces have received little attention.

Read More »