Transferring personal data internationally is deemed higher risk and therefore safeguards, designed to provide the data subject with further protection, must be in place when transferring personal data. The laws of some countries are deemed ‘adequate’ by the EU as they are robust enough to provide the protection to the data subject without further change. […]
Data protection by design and by default is primarily the process of putting in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights. Data protection by design is about ensuring data protection and privacy issues are considered upfront in everything you do, and it helps you to comply […]
Data should be retained only for as long as it is necessary. This means you will need to retain data whilst it is required for the processing which you need it for, but it also means that you might be able to retain the data for longer if you have a legitimate reason to continue […]
An individual under the age of 16 is considered to be a child under the EU data protection laws, although individual member states are allowed to set this at a different age, for example the UK state that an individual of 13 or over is able to make their own decisions about their data. Children […]
Binding corporate rules are internal rules for data transfers within multinational companies. An important distinction is that binding corporate rules are put in place between linked companies, for example subsidiaries in different countries, rather than through a commercial contract, which would instead be protected by standard contractual clauses. Binding corporate rules are similar to a […]
The European Commission determines whether a country outside the EU offers an adequate level of data protection. The effect of such a decision is that personal data can flow from the EU to that ‘third country’ without any further safeguards being necessary. Or to put it more simply, transfers to the country will be treated […]