GDPR: Data Protection Officer

GDPR Data Protection Officer - Metric International

Section 4 of the GDPR outlines the requirement for applicable firms to appoint a data protection officer (DPO). All emphasis added unless otherwise stated. When a DPO must be appointed According to Article 37(1), data controllers and processors shall designate…

GDPR: Personal Data

GDPR Personal Data - Metric International

Article 4(1) defines “personal data” as follows (all emphasis added unless otherwise stated): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in…

GDPR: How to obtain consent?

GDPR How to obtain consent - Metric International

Within the GDPR, consent constitutes one of six possible legal grounds for lawful personal data processing under Article 6(1). For most commercial controllers and processors, however, it likely represents the principal option. (All emphasis to GDPR text are added unless…

GDPR: Legitimate Interest

GDPR Legitimate Interest - Metric International

“Legitimate interest” may be among the most confusing concepts written into the GDPR, which is not helped by the amount of incorrect interpretations available when you search for the term online. It is also an especially important concept to understand…

Need to know: GDPR 72-Hour Breach Notification

Most recent GDPR news stories highlighted the new 72-hour breach notification requirement and the potential €20,000,000 fines. Yes, those are provocative highlights that generate clicks and views, but they don’t provide much guidance for organizations, security compliance officers, and IT security…

GDPR: Who Must Comply?

GDPR Who Must Comply - Metric International

Expanded territorial scope The GDPR represents a significantly increased territorial reach over its Data Protection Directive predecessor. Article 3 of the GDPR outlines that (all emphasis added unless otherwise stated): 1. This Regulation applies to the processing of personal data…

GDPR: Fines & Penalties

GDPR Fines & Penalties - Metric International

Administrative fines The GDPR imposes stiff fines on data controllers and processors for non-compliance. Determination Fines are administered by individual member state supervisory authorities (83.1). The following 10 criteria are to be used to determine the amount of the fine…