GDPR Fundamentals: Roles Under the Law – Controllers, Processors, and Joint Controllers

by Mark Hinely / April 5, 2023

GDPR divides responsibilities for organizations processing personal data based on their role, so determining which role your organization plays is one of the first steps towards GDPR compliance. You cannot know what your requirements or obligations under the law are until you do so. There are three major roles under GDPR: controllers, processors, and joint controllers. Let’s discuss what each of these roles mean and how your organization can determine…

GDPR Fundamentals: Legal Basis For Processing Data

by Mark Hinely / April 5, 2023

 6 Legal Bases for Processing Personal Data One of the seven major data processing principles of GDPR is to ensure that personal data is processed lawfully, fairly, and transparently. To comply this principle, Chapter 6 of the GDPR requires any organization processing personal data to have a valid legal basis for that personal data processing activity. Think of these as scenarios in which it would be lawful to process…

GDPR Fundamentals: Data Subject Rights

by Mark Hinely / April 5, 2023

 GPDR is such a revolutionary law because its focus is so heavily on the data subjects and protects personal data not only in the shape of security, but also in privacy. The law actually gives data subjects seven rights, outlines in Chapter 3. These seven rights of data subjects ensure transparency between data subjects and those organizations that are processing their personal data and include: Right to access Right…

GDPR Fundamentals: The Basics of the Law

by Mark Hinely / April 5, 2023

 Have you been clicking “Accept” on a lot more sites asking for consent to use cookies? Did you receive a flood of updated privacy policies from brands you are subscribed to? Have you noticed that companies who’ve been recently breached are giving out a lot more information about the event than they normally would? There is a reason for all of this, and it’s GDPR. What is GDPR? Born…

PCI Requirement 12.11.1 – Additional Requirement for Service Providers Only: Maintain Documentation of Quarterly Review Process

by Randy Bartels / April 5, 2023

 Documenting Your Review Process The final requirement in PCI Requirement 12 works in conjunction with PCI Requirement 12.11. PCI Requirement 12.11.1 mandates organizations to maintain documentation of a quarterly review process, which should include documenting results of the reviews and review/sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. Why are PCI Requirement 12.11 and PCI Requirement 12.11.1 listed separately? The PCI DSS explains, “The…