Uncategorized

Supplying information to the requester Hi, guys. In this lesson, we will discuss supplying information to the requester. You should remember that subject access entitles an individual to more than just a copy of their personal data. An individual is also entitled to be told whether any personal data is being processed. So, even if you do not have any personal data on the requester, you must respond to let them know, providing a description of the personal data, the reasons it is being processed, whether it will be shared…

Overview of SARs Hi guys. In this lesson, we will discuss an overview of subject access requests, or SARS. A SAR or DSAR is a request from a data subject to be provided with a copy of the personal data being processed by a controller and an explanation of the purposes for which personal data is being used. A complaint or general query about how personal data is being used does not constitute a DSR. For example, a query about why marketing is being received or where you got someone’s…

Customer Scenario Description Hi guys. In this lesson, I will describe one of my real customer scenarios, and during several lessons, I will present the way I have approached the first part of a GDPR project. You can find all the templates we will use in lesson number three as a downloadable resource in the introductory section. So, let me briefly describe the company and their goals. Sure, sure. Due to the confidentiality of the information, there is no real name involved here. The company operates in the telecommunications industry…

Exceptions Hi, guys. In this lesson, we will discuss exceptions. If you are making a restricted transfer that is not covered by an adequacy decision or an appropriate safeguard, then you can only make the transfer if it is covered by one of the exceptions set out in Article 49 of the GDPR. You should only use these as true exceptions from the general rule that you should not make a restricted transfer unless it is covered by an adequacy decision or there are appropriate safeguards in place. If it…

Mandatory and Voluntary DPO Hi guys. In this lesson, we will discuss mandatory and voluntary data protection officers, or DPOs, under Article 37. The GDPR specifies that a DPO is required to be appointed by a controller or processor in the following situations: when the processing is carried out by a public authority or body, except for courts acting in their judicial capacity. The controller’s or processor’s core activities are processing operations, which by definition necessitate regular and systematic monitoring of data subjects on a large scale. The controller’s or…

CIPM scenarios – part 3 Hi guys. Here we are at the last lesson of CIPM case studies, and we’ll finish it again with a scenario that will be bigger. Assume the amount of text is spread across three slides. So you also have all the presentations attached as a resource to all these lessons. So take the presentation and put it back. In a word, take a reading of the full scenario, and then, with you in front, take a look at all the questions and try to answer…

CIPP/E scenarios – part 1 Hi, guys. In the following nine lessons, we’ll understand different question types for the three IAPP certifications. which stands for “European-Certified Information in Privacy Professional.” For Europe. It’s the CIPM privacy manager and the CIPT privacy technologist. IAPP stands for the International Association of Privacy Professionals. And there are three certifications. They have a fairly good reputation both in Europe and around the world. Practically, they are the only privacy certifications existing nowadays. So let me just show you their website. So that’s iapp.org. You…

ECS – Auto Scaling So now let’s talk about auto scaling for our ECS services. So if we go to the ECS classic one, we have our demo service, and we can go to the auto scaling tab. And in here right now, it says there are no auto-scaling resources configured for this service. To create an auto scaling, we must first click Update. So we’ll go here, click on Next, and then the network; everything is fine. Click on “next.” And here we can configure the service’s auto-scaling. And…

Consent to Children’s Data – is it Legal? Hi, guys. In this lesson, we’ll discuss consent for children’s data. Is it legal or not? Special events involving children are highly sought after by children and parents alike, especially those that involve going through an assessment process to be selected for something as prestigious as national science fairs, debate contests, math competitions, petitions, coding conferences, or programmes taught at prestigious schools and universities. Parents and children alike are proud to be among those who get invited. It is then very disappointing,…

A practical Guide for Small Enterprises (SMEs) Hi, guys. In this lesson, we’ll discuss the Practical Guide for Small and Medium Enterprises, or SMEs. The guide includes 26 steps that you need to follow in order to become GDPR-compliant. So first, let’s start with creating a Data Protection Compliance folder on your company file system. This will form the basis of your proof of compliance. Every step you take towards GDPR compliance should be documented to be used in your defense. If necessary, keep notes of internal meetings on GDPR…