Privacy impact podcast: Episode 1 with Brendon Lynch
Guest: Brendon Lynch, Chief Privacy Officer at Airbnb (formerly at Microsoft). In this very first episode our host Doug Heintzman — veteran technologist and former IBM tech strategist — asks Brendon about his views on the various reasons companies need to worry about privacy and data protection. They discuss the impact of IoT, artificial intelligence, ecosystems, and changing customer expectations on an increasingly complex privacy landscape. Listen in to hear about privacy as a journey and what its first essential steps are.
Trials and tribulations of recognising DSARs
DSARs can be tricky to recognise, but failing to do so could land you in hot water. A good set of policies and documents, adequate training, and an effective privacy tool are the crucial elements for managing DSARs.
GDPR data mapping: ultimate guide
GDPR data mapping is a great way to start tracking data in your organization and to have a complete inventory of personal data. However, it can be a difficult task and you may not know where to even start. We have created an ultimate guide to mapping personal data in your organization to simplify the entire process and get you on the right track to being fully GDPR compliant.
DPIA: do I need to do one?
As part of the GDPR, many different new rules for businesses were introduced to change practices and protect consumer data. One of the rules obligates organizations to carry out risk assessments for their data practices. One of these is called a Data Protection Impact Assessment (DPIA). But what are these assessments and do you need to do one?
RoPA: why you need one
RoPA stands for record of processing activities and is obligatory for certain organizations under Article 30 of the GDPR. Creating a RoPA for your organization may seem like a time-consuming and daunting task, but we are here to help and make it easier. Read this explainer article to find out how to complete a RoPA for your organization using Soveren’s free tool.
RoPA: how to complete
Soveren has created a tool to help you document your record of processing activities (RoPA). The tool allows you to simplify the process of creating a RoPA and keeps you audit ready. Try out the tool for free today and read this explainer article to get you started.
DPIA: what is it?
DPIA stands for data protection impact assessment. DPIA is the process of measuring and mitigating the risk factors involved in collecting, storing, and using personal data. Since personal data is sensitive to an individual's identity, organizations collecting this data need to be clear about their purposes for doing so and the privacy safeguards they have in place.
DSARs: how to deal with them
DSAR is a data subject access request: where an individual seeks to exercise their right to access information an organization stores on them. Upon receiving a DSAR from a person, your organization has a legal duty to respond to the request, provide a copy of the data collected, and explain how and why the data is being processed. Let’s outline how you can handle DSARs to comply with data privacy laws such as the GDPR.
DSAR response template: how to use
DSARs are data subject access requests that your customers send you to learn about what data you collect and store on them. Responding to them with one calendar month is a requirement of the GDPR and can be challenging for many organizations. We have created a DSAR response template to help you streamline your DSAR workflow and speed up the whole process. Learn how to complete the template in this article.
Privacy legislation in USA March 2021 update
With California streets ahead on privacy, it sometimes feels like the rest of the US is playing catch up. Virginia joined the party this month, passing its new legislation: Consumer Data Protection Act (CDPA). Is it just a matter of time before the other states join in, or will Federal law come in to eclipse everything? Let’s take a look at the privacy legislation developments in the US as they are right now.
GDPR data mapping template: how to complete
GDPR data mapping is a great step to help your organization visualize what data is stored where, why, and for how long. Creating a GDPR data map is a daunting task, so we have created a simple template to get you started.
GDPR data mapping: getting granular
GDPR data mapping sounds easier and less time consuming than it actually is. Data privacy professionals looking to create a full inventory of the personal data their organization holds can have difficulty knowing where to start in GDPR data mapping. Once you have categorized your personal data, know where it is, why you have it, and how long you should retain personal data for, you can get granular with each data point and indicate what you use each piece of data for.
GDPR data mapping: documenting basis and retention
GDPR data mapping is a multifaceted task that can aid data protection staff in their work on a day-to-day basis. One important aspect of having a complete inventory is mapping all the personal data you hold, and documenting the legal basis as to why you handle people’s personal data. Added to that, you need to have policies in place which define the length of time you hold the data: the retention period. Let’s take a closer look at how to document the legal basis for processing and the retention periods for your GDPR data map.
DSAR: what is it?
DSAR stands for data subject access request. It is a legal mechanism whereby consumers can demand to access, amend, or erase their data which is held by companies, in accordance with data protection laws.
GDPR data mapping: where is personal data held?
GDPR data mapping can seem like a daunting task, with personal data buried across all sorts of applications and databases. Having a clear inventory in the form of a data map which shows where data is not only helps locate data should a consumer ask for their data, but also helps you comply when asked to produce a GDPR Article 30 report by your data protection authority.
GDPR data mapping: where do I start?
GDPR data mapping can be a tricky exercise and it is difficult to know where to start. That is why we decided to create a series of articles to explain how you can map data, creating a data inventory for your organization. Read on to learn where you should start your data map process. (Spoiler: you need to define which categories of data you hold.)
Save time and effort by downloading Soveren’s free GDPR data mapping template.Download now