Article 35 in the GDPR relates to management’s obligation to carry out a data protection impact assessment. It reads:*******************************Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to […]
Information about Data Subject Access Request (article 15 GDPR) What is it? A Data Subject Access Request (DSAR) is a request addressed to the employer that gives in our case employees, former employees and/or job applicants a right to access information about and a copy of personal data the employer […]
Article 80 – Representation of data subjectsThe data subject shall have the right to mandate a not-for-profit body, organisation or association which has been properly constituted in accordance with the law of a Member State, has statutory objectives which are in the public interest, and is active in the field […]
Principles relating to processing of personal dataPersonal data shall be:processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving […]
Employers can only transfer data outside the GDPR under strict conditions. As described in GDPR Chapter 5: Transfers of personal data to third countries or international organisations, these are: A transfer of personal data to a third country or an international organisation may take place if the EU Commission has […]
Tips for logging third party access to your data Note the following down: The name of the 3rd party and whether they are processing data according to the instructions from your management, or whether they are repurposing this data for new purposes. What instructions for processing your employer has given […]
Employers should generally conduct a DPIA if any two of the following exist (see GDPR article 35 and A29WP Guidance):use of automated decision-making with legal or similarly significant effect;evaluation of scoring of data subjects, including evaluating work performance;systematic monitoring of a publicly accessible area on a large scale;processing of sensitive […]
In the GDPR, data subjects (in our case workers) have what is typically defined as 8 Data Subject Rights. These are:The Right to InformationThe Right of AccessThe Right to RectificationThe Right to ErasureThe Right to Restriction of ProcessingThe Right to Data PortabilityThe Right to ObjectThe Right to Avoid Solely Automated […]
Article 6 of the GDPR is titled “Lawfulness of processing.” It reads as follows:1. Processing shall be lawful only if and to the extent that at least one of the following applies:(a) the data subject has given consent to the processing of his or her personal data for one or […]