Privacy Policies Built for GDPR Compliance

by Sarah Harvey / December 16, 2022

Updating Your Privacy Policy for GDPR Compliance Privacy policies are critical to GDPR compliance efforts, as this statement or notice explains how an organization handles personal data. We know that in order to comply with GDPR, a privacy policy should be concise and written in clear, plain language. However, in the weeks since GDPR became enforceable, many privacy policies are not meeting these requirements. This may be due to organizations…

The Cost of GDPR Non-Compliance: Fines and Penalties

by Sarah Harvey / December 16, 2022

The EU’s General Data Protection Regulation (GDPR) is a top regulatory focus, and for good reason. Organizations across the globe are mapping their data, updating their privacy policies, updating contracts, reviewing their data collection processes, and trying to figure out whether they are a data controller or processor – all to avoid the severe consequences of GDPR non-compliance. Not only are the requirements and scope for this data protection law extremely broad,…

10 Key GDPR Terms You Need to Know

by Sarah Harvey / January 25, 2023

The most common questions we receive regarding GDPR compliance are all related to terms and definitions. Controllers, processors, processing, sub-processor, joint controller, controller-processor – there are so many complicated, similar GDPR terms. If you’ve been confused by what terms mean and which definitions are vital to the compliance process, you are not alone. What’s your organization’s role? Who enforces GDPR? What kind of data is covered under the law? What kind…

SOC for Cybersecurity FAQs

by Sarah Harvey / November 20, 2023

What is SOC for Cybersecurity? Because most organizations conduct some portion of their business in cyberspace, they open themselves up to a new level of risk. Who they are, what they do, and what information they possess can make businesses targets for malicious attackers. Reputational damage, disruption of business operations, fines, litigation, and loss of business can all be consequences of a cybersecurity attack. It’s more important than ever to…

Which GDPR Requirements Do You Need to Meet?

by Sarah Harvey / December 16, 2022

GDPR Requirements for Data Controllers and Processors The first step towards GDPR compliance is determining your organization’s data role – are you a data controller or a data processor? Determining your role under GDPR can be challenging because of textual and practical ambiguity, but identifying your role is the starting point for determining which GDPR requirements your organization must follow. What are the responsibilities of data controllers? A data controller determines…