White Label

Our Blog

Transfer to the cloud // Isometric Graphic // White Label Consultancy
Data Transfers
Magdalena Goralczyk

How can I help my organisation manage the consequences of Schrems II Judgement

Intro This post is a continuation of our pragmatic advice on dealing with the consequences of the recent Schrems II judgement of CJEU, that have invalidated the Privacy Shield and put in question the way organisations transfer data outside of the EU/EEA. We are focusing on practical steps that the organisation should take internally as a reaction to the Schrems II judgement. We’ve said it before: the end of Safe Harbor Privacy Shield is not the end of the world. The last time a transfer mechanism got invalidated it happened with much less fanfare, but we still lived to see

Read More »
Data Transfers
White Label Consultancy

10 key takeaways from Schrems II

We provide you with 10 key items you need to know about the Scherms II case court decision. Since our mission is to provide pragmatic advise we have refrained from long legal analysis, instead we give you insights on the most important consequences. Please stay tuned, we will continue reporting on the case in this manner, by publishing more bite size articles on this topic in due course.   1. What is the essence of Schrems II case? The European Court of Justice (CJEU) has invalidated Privacy Shield, which was one of the GDPR transfer mechanisms for sending data from EU

Read More »
White Label DPO // White Label Consultancy
Data Processing Agreement
Ula Krokay

DPA Negotiation: Top 6 Tips

Over the last few years we had our hands full discussing and negotiating Data Processing Agreements (DPAs). The 6 tips below are based on our practical observations and things we have learned. We hope this will offer useful insights to DPOs, legal, procurement and outsourcing stakeholders who come across DPAs in their daily work. Please note that the tips we share are not a legal advice. In this piece we focus on the difficult art of DPA negotiation, and will not discuss the topic of data protection roles (controller, processor, joint controller). If you would like to know more about

Read More »
Data Protection Roles
Magdalena Goralczyk

The importance of data protection roles in product development

Summary Correctly choosing whether you are a controller, a joint controller, or a processor is important not only from a compliance perspective. It should take into consideration the future needs for data for your product and will largely direct its development.  Intro The traditional division between the controller and the processor historically relied on a distinction between a party connected to the data subject (for example a customer) and an invisible service provider taking over some specific task that would facilitate delivery. This division is gradually becoming outdated and we can question if it is still fit for purpose. Yet,

Read More »
Data Protection Audit // White Label Consultancy
Business Value of Privacy
Nicholai Pfeiffer

The Value of Privacy in a Business Context

The ever-increasing need for access to data for business development purposes and the increasing regulatory requirements, have catapulted data governance into the business environment. This means that data needs to be managed, controlled, and developed in accordance with existing business principles of asset management. However, the value of privacy in a business context must be  assessed using the same criterion used for any other business initiative and the viability of proposed new initiatives needs to be assessed using the same metrics that executives apply when assessing investments within other business areas. For the privacy professional, this requires the use of

Read More »
Global Data Transfers
Data Transfers
Henrik Rubaek Joergensen

Managing international data transfers

International data transfer often comes with a list of regulatory requirements. Companies need to ensure that robust processes are in place to assess the need for Data Transfer Mechanisms.

Read More »
Compliance
Dale Waterman

Leadership and Culture in Data Governance and Data Protection

Introduction We are undergoing a technological revolution that is unlike anything we have experienced before. The speed of the disruption to almost every industry is not easy to anticipate yet we see evidence of the impact everywhere. It is changing the way we live and work – and Covid-19 is likely to accelerate this digitization. Digital transformation, and with it the focus on big data analytics and the adoption of evolving technologies like IoT, cloud computing and AI, is making every business a data business. For any organisation, data will likely become the air you breathe. This article aims to

Read More »
AI and Machine Learning in the DPIA
AI
Ula Krokay

Artificial Intelligence in the (D)PIA

Background AI is a hot topic, not least among the Data Protection Authorities, who have recently been very active developing guidance papers aimed at helping organisations grasp and assess the complexities involved. Examples of such publications include the very recent and open for consultation ICO’s AI auditing framework, or 2018 report from Norwegian DPA on Artificial Intelligence and privacy. These documents look at implications for data protection, and challenges of AI compliance with GDPR. This blog article attempts to present selected considerations and challenges that DPOs should keep in mind when preparing a DPIA for Artificial Intelligence. It does not comprehensively cover all aspects of data protection compliance, rather it

Read More »