Consultancy specialising in the General Data Protection Regulation (GDPR)
‘by Data’ is a consultancy specialising in the General Data Protection Regulation (EU) 2016/679 (GDPR), helping organisations comply with legal and security requirements in the management and processing of personal data.
The General Data Protection Regulation (GDPR) applies to the processing of personal data of data subjects who are in the Union by any business (Controller or Processor) not established in the European Union, where the processing activities are related to:
– Targeting European Union residents via website or direct marketing, offering goods or services.
– Having users, customers or clients in the European Union.
– Tracking individuals (or analysing and predicting personal preferences, behaviours and attitudes) in the European Union.
In Australia, since June 2018, the Office of the Australian Information Commissioner (OAIC) has established, through the ‘Privacy Business Resource 21’, the mandatory obligation for Australian businesses to apply the General Data Protection Regulation (EU) 2016/679 (GDPR) if they meet one of the following criteria:
– with an office within the European Union.
– offering goods or services to European Union citizens or residents.
– whose website targets European Union residents (Marketing).
– with users, customers or clients who are European Union citizens or European Union residents.
– tracking individuals (or analysing and predicting personal preferences, behaviours and attitudes) in the European Union.
In 2021, the United Arab Emirates (UAE) created the UAE Data Office. ‘Federal Decree-Law No. 45’ of 2021 regarding the Protection of Personal Data (‘the Law’) became effective on 2 January 2022 and is the UAE’s first federal-level data protection law, applying the General Data Protection Regulation (EU) 2016/679 (GDPR).
RECORDS OF PROCESSING ACTIVITIES
PRIVACY IMPACT ASSESSMENT
DATA PROTECTION OFFICER
Data Protection Officer (DPO)
The Data Protection Officer (DPO) must be designated by the Organisation and be communicated to the concerned Supervisory Authority in any case where:
– The data processing is carried out by a Public Authority or Body, except for courts acting in their judicial capacity; or
– The core activities of the business consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require Regular and Systematic monitoring of data subjects on a large scale; or
– The core activities of the business consist of processing on a large scale of Special Categories of data or data relating to Criminal Convictions and Offences referred.
Businesses that carry out regular and systematic processing of personal data must designate a European Representative regarding their respective obligations under this regulation when:
– Offering goods or services (Direct Marketing), irrespective of whether payment by the data subject is required, to European citizens or residents; or
– Monitoring their behaviour, as far as that behaviour takes place within the European Union.