Are risks related to the processing of personal data, as referenced in the GDPR, fixed and exhaustive? They are not. The regulation provides a non-exhaustive list of risks solely as a foundation for protecting fundamental rights. Administrators must assess and address additional, context-specific risks beyond those explicitly listed. This requires…
I was hesitant to speak about contact tracing apps because so many people speak on the subject and the ratio of repeating the same cliches over and over is also high. Few insightful things are left to be said about this rather simple problem. But recently it emerged that a…
Organizations voluntarily creating big public data breaches are rare. Recently it became widely known that Public Transport Victoria (PTV) published a dataset of possibly over 15 million users. It was “anonymized”, but PTV may now still face a $336,000 data protection fine. How did this happen?
Data Science…
When is a Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) necessary and mandatory according to the General Data Protection Regulation (GDPR)? So far there has been a lot of ambiguity surrounding the issue.
I previously wrote about the DPIA guidelines (and their challenges) suggested by the Privacy Commission…
One of the most important cultural changes companies and organisations are beginning to face is the need for systematic inclusion of privacy and data protection in technical and organisational frameworks.
A crucial aspect of these changes is the need to conduct Privacy Impact Assessments (PIA) and Data Protection Impact Assessments…