What am I? A controller or a processor?
Every organisation which has employees, is a controller to their employees. The factor which determines that the organisation is controller is that it decides on the purpose for employment, and why/how this is done. However, a controller to their ...
How can we be a joint-controller?
If 2 or more controllers have a say in the purpose and means on the processing of personal data they are potentially joint controllers. If there is a case of a joint controller situation then it needs to be clear in a contract between the ...
So your organisation has a legitimate interest to process personal data under Article 6f?
Making GDPR compliance easy with Privasee · Article 6f, your organisation has a legitimate interest Article 6f, legitimate interest. Processing is necessary for the purposes of the legitimate interest pursued by the controller or by a third party, ...
What does it mean that we have 72 hours to report a breach?
When you are data controllerFrom the moment a personal data breach has been confirmed, your organisation has 72 hours to decide (and report) if it presents a high risk of harm to the rights and freedoms of an individual and if so it must be reported ...
What is pseudonymised data?
Pseudonymised data is reversible. Normally what entails is that a name could be replaced with a unique ID, and maybe there's a table somewhere to enable the processor to be able to reverse back again. Now pseudonymised data is still personal data ...