GDPR and Security

The GDPR requires you to process personal data securely. This is not a new data protection obligation. It replaces and mirrors the previous requirement to have appropriate technical and organizational measures under the Data Protection Directive.

Article 32 of GDPR addresses controller and processor security obligations. It states: "Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." State of the art does not mean the most cutting-edge technology. As part of the risk assessment, controllers or processors should reflect upon the consensus of security specialists.

If a body or a security specialist considers a particular control appropriate in a particular context, this option should be preferred when deciding on the appropriate security measures. The cost of implementation should be taken into account.

Organizations are not required to choose the most expensive cutting-edge security controls. GDPR does not explain what the phrase "appropriate technical and organizational measures" means, but it lists some important measures such as pseudonymization, encryption, confidentiality, integrity, availability and resilience:

  • Confidentiality: individuals, entities, systems and applications access data on a need-to-know basis.
  • Integrity: controls are in place to ensure data is accurate and complete.
  • Availability: data is accessible when needed.
  • Resilience: data is able to withstand threats and recover.

GDPR also suggests using a risk-based approach and running a risk assessment to decide on the appropriate technical and organizational measures.

The risk assessment will reflect the nature of the data that is processed, the context, purpose and scope of processing, threats, vulnerabilities and the impact.

We have covered what GDPR requires us to do for security in theory, but security in practice within an organization needs more than that, and according to GDPR, organizations should take a holistic approach.

Considerations for a holistic approach include management teamwork and buy-in, security policy for physical environment security measures, information technology security measures, and incident detection and response.

GDPR also asks controllers to cascade all requirements to processors. The contracts between controllers and processors should include the following compulsory terms:

  • The processor must only act on the written instructions of the controller.
  • The processor must ensure that people processing the data are subject to a duty of confidence.
  • The processor must take appropriate measures to ensure the security of processing.
  • The processor must only engage a sub-processor with the prior consent of the data controller and a written contract.
  • The processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
  • The processor must assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.
  • The processor must delete or return all personal data to the controller at the end of the contract.
  • The processor must submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

GDPR Rights of rectification and the rights of access

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information.

It helps individuals to understand how and why you are using that data and check you are doing it lawfully. Individuals can make a subject access request verbally or in writing. You have one month to respond to a request.

You can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual. You must let the individual know within one month of receiving their request and explain why the extension is necessary.


The new thing in GDPR is that you cannot charge a fee to deal with a request in most circumstances. However, where the request is manifestly unfounded or excessive, you may charge a reasonable fee for the administrative cost of complying with the request. You can also charge a reasonable fee if an individual requests further copies of their data.

Following a request, you must base the fee on the administrative costs of providing further copies. In addition to a copy of their personal data, you also have to provide individuals with the following information:

  • The purposes of your processing.
  • The categories of personal data concerned.
  • The recipients or categories of recipients you disclose their personal data to.
  • Your retention period for storing the personal data or, where this is not possible, your criteria for determining how long you will store it.
  • The existence of their right to request rectification, erasure or restriction or to object to such processing.
  • The right to lodge a complaint with the ICO or another supervisory authority.
  • Information about the source of the data where it was not obtained directly from the individual.
  • The existence of automated decision making, including profiling.
  • The safeguards you provide if you transfer personal data to a third country or international organization.

Responding to a subject access request may involve providing information that relates both to the individual making the request and to another individual.

The DPA 2018 says that you do not have to comply with the request if it would mean disclosing information about another individual who can be identified from that information.

This obligation to provide data subjects with the right of access lies with the controller and not the processor.

Processors are only obliged to assist the controller with the requests if needed. The scope of rights of rectification is largely unchanged from the directive.

In summary, data subjects have the right to rectification of inaccurate personal data. It is also complex if the data in question records an opinion. Opinions are, by their very nature, subjective, and it can be difficult to conclude that the record of an opinion is inaccurate.

As long as the record shows clearly that the information is an opinion and, where appropriate, whose opinion it is, it may be difficult to say that it is inaccurate and needs to be rectified. In such a scenario, you can reject the request by informing the user about the foundations of the opinion.


Cost effective marketing for small businesses

If you create the right game plan, then guerrilla marketing will be extremely fun as most of the time you will get the results without having to spend much money.

Sounds great.

First of all, let’s see what we have out there to start our guerrilla marketing campaigns. Social media can help you be there. Social media is indeed a phenomenon in the 21st century, connecting billions of people around the world through a series of status updates, tweets and other rich media.

Social media is a powerful tool!

In the business world, it’s a powerful tool, and if you haven’t started fully utilizing it, it is time to do so. You can start with Facebook. Create a company page and invite your friends and family to like the page, and then use those numbers as leverage to gain some credibility with outsiders.

Then get Twitter and follow, follow, follow. Don’t be annoying, but use the search feature to find people within your niche and tweet them, making pleasant but relevant conversation. Once you have these outlets, push as much rich media out as you can. Whether it’s photos of where you work, the ideas of a typical day on the job, or witty tweets and status updates, share their updates too.

Don’t forget about LinkedIn. It’s one of the most powerful social networking sites on the planet. As for your business, the LinkedIn groups feature is probably one of the most powerful ways to get more exposure, more leads and more sales. Don’t have a group yet? Start today.

Google Hangouts webinars are huge

Next are webinar hosting platforms. Although most services just cost a small monthly fee, there are some that are free and others you could start using with a free trial for a month, like GoToWebinar or Google Hangouts. Webinars are huge. They are like events, but online, and they are the easiest way to connect with your audience, build your list and generate more sales.

Simply host your own webinar where you can connect with people live from around the world. Share your data on social media platforms. Next one: events. Meetup.com or Eventbrite can help you with it. Meetup is the world’s largest network of local groups. Meetup makes it easy for anyone to organize a local group or find one of the thousands already meeting up face to face. More than 9000 groups get together in local communities each day, each one with the goal of improving themselves or their communities.


Meetup is a great place to find local events and post and promote your events. You will find both personal and professional events posted on Meetup. Eventbrite helps you perform ticketing for events and also deals with both personal and professional events. It’s great for one-time ticketed events or events with a special guest list. The main difference between Meetup and Eventbrite is community.

Meetup has a very large active community of users that you can leverage. While you can promote via Eventbrite, the promotion takes place on other social networks as opposed to within the network of users. Meetup works great for free events, and no doubt Eventbrite can be used for free events, but Eventbrite specializes in ticketing and ticket sales.

So run your own events and use these tools for local guerrilla marketing. And obviously create a YouTube account. If you have a Gmail account, you should probably already have a YouTube account, as you can log in with your email. Remember, it’s the second largest search engine. YouTube processes more than three billion searches a month, and a hundred hours of video are uploaded every minute.

YouTube is your best friend

YouTube is your friend in guerrilla marketing. Companies always want to find new ways to promote their brands and products, but they are usually too afraid to go too far outside the box. What they don’t realize, though, is that there are unconventional ways that they can make use of to promote their businesses without much risk involved.

Not every marketing strategy will work for every company, but there is always something that you can do to bring in new customers. It’s just a matter of knowing what your company goals are and then implementing the marketing strategies so that they help you achieve those goals. So now that you know your tools, let’s discover some strategies to promote your business with this type of marketing. The tips shared here have been proven to work for companies both big and small.

Make sure you and your employees are loud and proud and you will definitely get the attention of anyone within ear shot of you. If you have a flower company you could have a fake protest against bad  and show anyone who comes by exactly what Whiteley’s look and smell like.

This will let them sample your products, and you will often get a lot of people to come through your doors who might have otherwise not even known that you existed. Second, string some coupons on trees. Hanging coupons outside of businesses is a new marketing technique, but it is something that is sure to get the attention of anyone who walks in front of your doors. People respond when they see something out of the ordinary, and they definitely respond when they see a chance to save money.

A great thing about hanging coupons outside of your business is that you can see through your own eyes which coupons interest people and which ones don’t. This can help you better market your company both online and through mail.

Start a friendly fight. With the creation of social networks, businesses are realizing that they have to use these mediums in every way that they can to help spread the word about their companies. A friendly fight is when you and another company battle it out through the use of social networking and other mediums by having the public vote on who has the better products. This won’t harm your business; rather, it would help people to cast their vote judiciously.