Data inventarization according to GDPR
Summary
TLDRThis webinar script delves into the essentials of data inventorization under GDPR, emphasizing the importance of understanding data flows for compliance. It guides through creating data maps, offers tips for data minimization, and addresses the roles of data controllers and processors. The speakers, privacy lawyers from Legality Group, also highlight the significance of maintaining records of processing activities and responding to data subject requests. Additionally, they introduce a charity program to support children affected by the war in Ukraine, encouraging donations.
Takeaways
- π The webinar focuses on data inventorization according to GDPR, emphasizing the importance of understanding data flows and creating a data map for compliance.
- π€ The speakers, Ledeslav and his colleague, are privacy lawyers from Legality Group, who specialize in various international data protection laws including GDPR and CCPA.
- π‘ The webinar highlights the significance of data minimization and understanding applicable laws for data militarization, suggesting that maintaining a data inventory can mitigate risks of unnecessary data storage.
- π Data inventory and mapping are crucial for GDPR compliance as they help companies adhere to its principles, such as purpose limitation and storage limitation.
- π GDPR's Article 30 mandates maintaining records of processing activities, which can be facilitated by having a data inventory or map, detailing information like purposes of processing and data categories.
- π The involvement of third parties in data flows is significant, and companies must identify all parties involved and specify what data is shared and for how long.
- π€ The role of data controllers and processors is clarified, with examples given to distinguish between the two, especially in scenarios involving software development services.
- π Data transfers, especially to third countries outside the EU, require additional safeguards like data protection agreements with standard contractual clauses.
- π‘οΈ Data inventory and mapping are instrumental in responding to data subject requests and security incidents, helping to identify impacted data subjects and meet GDPR's notification timelines.
- π Tips for data inventorization include understanding what constitutes personal data, knowing one's roles under GDPR, and utilizing data maps for handling data subject requests.
- β»οΈ Regular review of data flow maps and records of processing activities is advised, especially when new features are implemented that may collect additional personal data.
Q & A
What is the main topic of the webinar?
-The main topic of the webinar is data inventorization according to the General Data Protection Regulation (GDPR).
What are the three main points covered in the webinar's agenda?
-The three main points covered are understanding data flows, drawing a data map, and providing tips for data minimization and understanding applicable laws regarding data militarization.
What roles do Ledeslav and the colleague from Legality Group have in the webinar?
-Ledeslav and the colleague are privacy lawyers working for Legality Group, and they are presenting on data militarization according to GDPR.
What is the significance of the charity program mentioned in the webinar?
-The charity program is developed by the company to support Ukrainian children affected by the war, providing assistance and encouraging donations to help those in need.
What does GDPR stand for and what does it govern?
-GDPR stands for General Data Protection Regulation, which is a regulation in EU law that governs the processing of personal data of individuals within the European Union.
What are the GDPR principles mentioned in the script?
-The GDPR principles mentioned are purpose limitation, storage limitation, and the requirement for data to be processed only in accordance with specified, explicit, and legitimate purposes.
What is the importance of maintaining records of processing activities under GDPR?
-Maintaining records of processing activities is a direct obligation under GDPR for certain controllers and processors, which helps in compliance and provides necessary information for handling data subject requests and security incidents.
What is the role of third parties in data flow and how should it be managed?
-Third parties may receive personal data from companies, and it's important to identify all third parties, the data shared with them, and the duration of data sharing. Information about data sharing should be included in the data inventory or map.
How can a data inventory or data map assist in responding to data subject access requests?
-A data inventory or data map can help identify all the information a company has about a data subject, making it easier to locate and provide the requested information or to determine if the request can be fulfilled.
What are the key steps in drawing a data map for GDPR compliance?
-The key steps include understanding the sources of personal data collection, identifying the roles of all subjects under GDPR (data controller, processor, or subject), and mapping out the flow of data, including transfers to third parties and data recipients.
What are some tips for data inventory and understanding applicable laws under GDPR?
-Tips include understanding which data is personal, knowing your roles under GDPR, utilizing data maps for handling data subject requests, specifying the categories of data collected, understanding retention periods, and regularly reviewing data flow maps and records of processing activities.
Outlines
π GDPR Data Inventory and Mapping Basics
The first paragraph introduces the webinar's focus on data inventory and mapping under the General Data Protection Regulation (GDPR). It outlines the agenda, which includes understanding data flows, creating a data map, and discussing data minimization and legal compliance. The speakers, Ledeslav and a colleague, both privacy lawyers from Legality Group, provide a brief introduction of themselves and mention their company's charity program supporting children affected by the war in Ukraine. They encourage donations and transition into the main topic of GDPR compliance.
π Understanding GDPR Principles and Data Inventory
The second paragraph delves into the GDPR principles, emphasizing the importance of data inventory and mapping for compliance. It explains the purpose limitation and storage limitation principles, highlighting the need to process personal data only for specified purposes and within a defined time frame. The paragraph also discusses the connection between data inventory and the maintenance of records of processing activities as required by Article 30 of the GDPR. It touches on the role of third parties in data flows and the necessity of documenting data sharing arrangements.
π€ Third Parties and Data Subject Rights in GDPR Compliance
This paragraph discusses the significance of third-party involvement in data processing and the importance of identifying all recipients of personal data. It also addresses the rights of data subjects under the GDPR, using a scenario where a user submits a data subject access request. The paragraph illustrates how a data inventory can facilitate the identification and provision of all personal data held by a company about an individual, thus aiding in the fulfillment of data subject requests.
π οΈ Creating Your First Data Map for GDPR Compliance
The third speaker provides a step-by-step guide on creating a data map, emphasizing its importance for GDPR compliance. The explanation covers understanding the subjects involved in data processing activities, identifying the sources of personal data collection, and recognizing the roles of data controllers, processors, and subjects under the GDPR. An example of a software development company is used to illustrate how to create a data map, including identifying data sources, the types of data collected, and the recipients of that data.
π Data Transfers and International Considerations under GDPR
This paragraph focuses on the complexities of data transfers, especially to third countries outside the European Union and European Economic Area. It discusses the need for additional safeguards, such as data protection agreements with standard contractual clauses, to justify such transfers under the GDPR. The paragraph also highlights the importance of understanding the destinations of personal data transfers and the implications for compliance with GDPR regulations.
π Tips for Data Inventory and GDPR Compliance
The sixth paragraph offers practical tips for conducting data inventory and maintaining compliance with the GDPR. It advises on understanding what constitutes personal data, the roles of data controllers and processors, and the importance of utilizing data maps and records of processing activities when handling data subject requests. The paragraph also touches on the example of payment processors and their role in collecting personal data on behalf of their clients.
ποΈ Data Categories, Retention, and Regular Reviews for GDPR
The final paragraph provides additional tips on data inventory, emphasizing the need to specify the categories of data collected, understand retention periods, and perform regular reviews of data flow maps and records of processing activities. It also advises on the importance of knowing where data is stored, especially if it involves cloud storage outside the EU, and the necessity of updating records when new data categories are introduced due to new features or services.
π’ Conclusion and Call to Action for Webinar Participants
The conclusion of the video script thanks the participants for their attention and provides a final reminder about the charity initiative to help Ukrainian children. It encourages viewers to subscribe to their YouTube channel for updates on legal webinars and to follow their social media for the latest information. The paragraph ends with a call to action for donations and assistance for those affected by the war in Ukraine.
Mindmap
Keywords
π‘Data Inventory
π‘Data Mapping
π‘GDPR Principles
π‘Data Minimization
π‘Data Subject Requests
π‘Records of Processing Activities
π‘Third Parties
π‘Data Controller
π‘Data Processor
π‘Personal Data
π‘Data Protection Officer (DPO)
Highlights
Webinar focuses on data inventorization according to GDPR, covering understanding data flows, data mapping, and tips for compliance.
Introduction of speakers Ledeslav and colleague, both privacy lawyers from Legality Group, specializing in GDPR and other data protection laws.
The importance of data mapping for GDPR compliance, helping to identify and minimize unnecessary data storage.
GDPR principles require data to be processed only for specified, limited purposes, and data inventory can assist in this.
Data mapping is crucial for maintaining records of processing activities as mandated by Article 30 of GDPR.
Involvement of third parties in data flows and the necessity to document data sharing practices.
Data inventory facilitates the process of responding to data subject access requests under GDPR.
Data mapping aids in identifying impacted data subjects and responding to security incidents.
The webinar discusses the creation of a data map, emphasizing understanding data sources and GDPR roles.
Examples provided to illustrate the concept of data controllers, processors, and subjects in different scenarios.
Importance of identifying data recipients and the destinations of data transfers, especially regarding third countries.
Tips for data inventory include understanding which data is considered personal under GDPR.
Clarification on the roles of data controllers and processors, and how companies can act as both.
Utilization of data maps and records for handling data subject requests and understanding data storage locations.
Advice on specifying data categories, retention periods, and the necessity of regular reviews of data flow maps.
Highlighting the need to understand the exact information maintenance requirements as per Article 13 of GDPR.
Closing remarks include a call to action for supporting Ukrainian children through the company's charity program.
Transcripts
data inventorization according to gdpr
um
can we have a presentation displayed
thank you yeah um you can see the topic
uh of our webinar right now it's data
interaction according to gdpr uh today
we will talk about um
several topics on this
um schema
the agenda of our webinar will be first
of all the understanding of data flows
of your company as the first step to
hdbar compliance
secondly we will try to draw a data map
and thirdly we will
include some tips for data minimization
and
understanding the applicable laws
regarding the data militarization
we will shortly introduce ourselves my
name is ledeslav i am a privacy lawyer
in legality group we work on
different um projects regarding uh
s-gdpr and ccpa other
international data protection laws um
and my colleague
yeah hello my name is uh
i am also a privacy lawyer uh working
for legality group
and today we will talk about uh data
militarization according to gdpr about
what uh what yosof has said before yeah
nice to meet you
yeah
and a short framework we wanted to pay
your to draw your attention to the
uh
to the war in ukraine and our charity
program developed by our company
despite the difficult situation which
forced many of our
many of our many of ukrainians
go to the war and many of children
move from their cities
because of the shellings
we continue to work and we provide
consultations to our at army as well as
take part in the information exchange to
ensure that
the children in need are supported
regardless of their uh whereabouts in
any way possible and you can also
help the children by
donating
according to our requisites which you
can find on our website uh in the
charity
page
yeah so uh thank you for your attention
again this topic um and we will move to
the topic of our webinar
i give the word to my colleague first of
all
okay
thank you for supporting children again
and
let's go back to the gdpr
today we're going to talk about
terms such as data inventory and
data mapping and
how this connects with gdpr namely gdpr
principles records of processing
activities
third parties fulfilling data subject
requests responding to security
incidents and so on
firstly we need to understand
what the term data inventory or data
mapping does mean within the gdpr or
other applicable laws
these terms are synonyms
very basically
personal data inventory or personal data
map is a record of personal data
processed by a company which can be
expressed in the variety of forms such
as lists
diagrams tables and so on
overall the process of data making helps
companies to understand what information
including what personal data the company
collects stores or otherwise processes
okay
that's clear so
we can talk about principles of the gdpr
and connections
to data inventory
the article 6 of the gdpr sets out six
principles that controllers and
processors should follow
when they process personal data in
europe
we would like to point out that
supervisory authorities often
impose fines on companies for violating
gdpr principles so
you obviously have to pay special
attention to those principles
when you process personal data
and
having a data inventory or having data
mapping
help you in compliance with
those
principles
it means
that
you need to process personal data
only with accordance with those
principles for example gdpr provides
with
purpose limitation and storage
limitation principles
and that means that you need to process
personal data only for specified
purposes and for no longer
for which
the data is used and for the work
that
this data
for one case then you need this data for
these purposes
and creating a data inventory can help
you identify all these purposes and
specifies the exact time period for
processing this personal data
and
in this way
you minimize the risk that you will find
out yourself in situations
this situation
when you have
in your database unnecessary data
that stores for a limited period of time
which is bad
and let's talk uh a little bit of uh
records of uh processing activities
uh the data inventory and data mapping
is closely related to the maintaining of
records of processing activities or
europa
maintaining of europa is a direct
obligation for certain controllers and
processors under article 30
of the
they gdpr
said that
you can make
your data inventory or data making in a
variety of forms but
the list of required information
on the maintaining the records of
processing activities is strictly
specified in article 30.
such information should include
name and contact details of the
processor
the applicable joint controller
controller representative and dpo such
information may also include
the purposes of processing description
of the categories of data subjects and
the categories of personal data
processed
information regarding international data
transfers
storage period and
applied organizational and technical
measures such
as anonymization
vpn access control physical security and
so on and so on
it's really hard to identify and list of
such information but if you have data
inventory or data map it becomes much
easier for you to complete this task
and also we should talk about
third parties and their role in new data
flow
the involvement of third parties has
great importance nowadays
because many companies
use
crm systems cloud technologies uh other
different marketing platforms and so on
and because the personal data you
collect may be shared with third parties
we need to include information about
site sharing in your data format
firstly it is good to identify all third
parties to whom you can transfer your
personal data
personal data of your users and then it
is good to
identify what personal data can be
transmitted
and for how long
please
also note
that
you may obtain
such personal data
not directly from data subject but from
other third parties and when it happens
you should
include information about such
transmissions in your data for map
as well
and also
you should note
that
some personal data
companies can obtain
automatically for example through api or
sdk
and such information should be included
in
data for map
maps excel
also we should talk a little bit about
satisfying the rights of data subjects
under gdpr
and the
maintaining of data inventory and data
map
also helps in such situations
and let's imagine uh situation uh you
have you are owner of uh platform which
puts processes uh
personal some personal data of users
and
one day you obtain a dsr data subject
access request from one of your users
and
[Music]
this email
user asks you to provide
them with all information you have on
them
firstly we need to understand what
information do you have
about
this
person
you think and you remember that
this user
has an account on your platform so you
have a name surname and maybe phone
number
but
at this time you also remember that
this user can provide feedback
on your platform and
you can also collect some insights about
users behavior through cookies and
other tracking technologies and you also
had a conversation with these users two
months ago so you have a lot of
information about these users and it's
really hard to identify all this
information that you have without data
making but if you have data inventory or
data mapping
i think it becomes
more easier
and
for for identifying all pieces of
information yeah
and
the last but not least
responsible security
incidents
how does data making can help
in such situations
here
similar to satisfying data subject
requests data mapping can also help you
to respond to such incidents
of course
you need to have
information security policies for
handling such requests
or personal data breach under gdpr with
strict rules how to react in a
particular situation when security
incidents is occurred but if you have
data inventory you can more swiftly
identify impacted
data subjects
in case of data breach and
under gdpr there are notification
timelines for notification of data
subject and for notification supervisory
authority and communication to data
subjects
so the time saved can help you to meet
these requirements
under gdpr
i think that's all from me for this
topic
and what
you can go on
yeah thank you
um so i would like to
talk about
how to draw your first data map as my
colleague have already mentioned data
flow maps are one of the essential parts
of the gdpr audit and ongoing gdpr
compliance
before we begin to grow
we need to understand what subjects
takes take place in the processing
activities of your company namely from
whom and what personal data you collect
and what are the third parties or
service providers you share your you
share personal data with
and what roles do all of the subjects
have under gdpr it may be data
controller or joint data controller data
processor or data subject if you want to
simplify it in order to understand the
basic concepts data subject is the one
who whose data is collected uh for some
purposes uh data controllers
uh on on
on his site defines the means and
purposes of such collecting so it uses
personal uh data for its own goals us
and if um there are several data
controllers and they define
and then define uh means and purposes
together uh that's the important point
uh that they do it together uh they will
be joined data controllers and the gdpr
and data processor is the one who acts
on behalf of data controller and
processes personal data not in
his or her own purposes but in
accordance with
the purpose defined by the data
controller
it may seem a bit abstract um and
unclear when we talk about it uh
theoretically so it's better to show an
example uh so let's imagine you have a
soft software development company and
you need to uh draw um your data map
with regard to the services due to our
search
outsource services you provide to your
clients
so uh take a look at this map
firstly you need to
understand what are the sources
from which you receive personal data uh
in this case uh like on the map uh you
may see the following services sources
uh data collected from a visitor who is
a visitor we usually call uh an
individual a visitor when he or she just
merely browses the website and leave no
personal data except
some technical identifiers which are
collected
excuse me do you hear me
everything's fine uh okay uh sorry um it
may be um
i'll begin uh we usually call uh an
individual visitor when he or she just
merely browses on the website and leave
no personal data except
some technical identifiers which are
usually collected by cookies it may be
ip gps
country of visit time of the site with a
duration of such visit and etc so uh the
source of receiving such data is usually
the website secondly you may see uh
potential clients who are these guys uh
these are the people who leave their
personal data using for example contact
us contact us form on the website um or
using email or phone number
these are usually the people who are
interested in your services and they
leave their data for further
communication regarding such services
and thirdly um
let's imagine that your company is
looking for
more i.t specialists so you also use
your website
email and phone number to collect data
about the potential employees
and such data is needed um of course for
communication with
such employees so as you will see as you
may see all of the data
company collects as a data controller
it uses
companies in such
processes is the data controller because
it uses uh such data in uh its own
purposes for example we stress data may
be used for analytics to understand uh
user's behavior on the website what's uh
for example uh
from from where uh uh the majority of
the users uh and then potential clients
data for uh maybe used for communication
with such clients regarding the services
and the police data for communication
regarding the employment process
uh then please take a look at the
company's great icon uh so as you may
see that same company may act uh as a
data controller and a data processor but
with regard to different uh processing
activities
uh so in the case of typical software
development companies the most
widespread situation is one client which
asks for software development services
is the data controller and the company
who performs such services is the data
processor
why is it so imagine your client has a
for example fitness software which
collects some personal data from its
users then these clients as this client
asks you to develop a new feature for
this software uh providing you with
success to the dates that this
application collects
then
so so client collects personal data from
application users in its own purposes
and therefore uh it is the data
controller as we have already discussed
and then uh
it transfers such data to your software
development company which act as a data
processor because uh it uses such data
only on behalf and in accordance with
the order of the client so
your company does not define the means
and and purposes of the processing thus
you are the data processor in this case
and what happens with the collected data
next you can
look above
the company's icons
uh so such data may be transferred to
different data recipients uh
they could be really really different uh
depending on the specifics of this
service we have identified most common
use of service providers these are the
cloud storages crms and analytics
services
the same story is about your contractors
we have defined them as the separate
category
because often companies attract
contractors for accomplishing specific
tasks for example it could be marketing
specialists technical specialists
lawyers uh search engine analysts and uh
so on
they all will act as data processors
because uh they process personal data
only in accordance with yours or your
company's instructions uh inside the
scope of provision of
your services
what's uh
is also important uh take a look at
arrows
which show what data what data are
transferred during particular processing
activity it may be important if you
transfer uh for example only a
particular category of data to one of
the data recipients for example you use
two cloud storages one for client states
and another one for visitors data
therefore you need to make it clear on
your map
also it's very important to see their
destinations where you transfer your
personal data as on the gdpr there are
additional rules concerning data
transfers to so-called third countries
so the countries outside of the european
union and european economic area
so it's better to understand what
additional safeguards you need to
implement to justify
such transfer for example conclude the
data protection agreements which include
standard contractual clauses developed
by the european commission it's one of
the
gdpr requirements
so
i guess
that's all about the map if you have any
questions you may ask of course and we
will
move forward
to the topic of the tips for that
inventorization and how to understand
the applicable laws and i'll give the
word to michael league
okay
thank you
uh
the next topic is
tips for data memorization understanding
applicable laws and we want to share
with you
some tips and tricks regarding data
inventory and
data maintenance and the applicables
namely gdpr
firstly
it is important to understand
which of the data you processed is
personal
personal data is any information
relating to
identified or identifiable natural
person
it can be not only name or surname but
email ip address
nickname
date of doors
and so on so
and
the most important that such
information can help
to identify
such
a person
and
you should note that not every piece of
data is a personal data
for example anonymized data cannot be
regarded as personal data under gdpr
and
we have an example
quite often platforms for any reason
reasons
block
their users and
then anonymize
their email
used for creating an account on the
platform and stored hashed email without
storing actually personal data
and
this solution kills two birds with one
stone
you
doesn't
allow to create a new account
on the platform
and at the same time you do not store
any personal data because you store only
cash
and
this is good
also you should know
about
your roles under gdpr and about location
of such roles
honestly it is not a simple task because
allocation of roles
and gdpr can be tough in most situations
but
you should remember that the main two
roles under gdpr is a controller or a
processor and controller is a company
that determines the purposes and means
of the processing of personal data
namely how and why personal data should
be processed
and the processor is a company that
processes personal data on behalf of the
contrary
we
want to point out
that
the companies that
collects personal data can be both a
controller and a processor what has
talked about this
but
i want to
give you an example
a processor can collect some personal
data
on behalf of a controller and the
striking example
of
allocation of rows
is the
operation of payment processors
where the payment
processor
collects some personal data of
from users directly and in this case the
payment processor who collects who
actually collects personal data will be
a processor acting on behalf of their
client controller who even
cannot have
any
payment data of users but only reports
of complete and completed payments for
example
and
we also advise you to utilize
your data maps
data inventory records of processing
activities when you're working with
data subject
access
requests
and
we already looked at the case of
data subject access request
but this also applies to
handling with other requests as well
for example when you handle with
direction requests
you can check in your data inventory and
records of processing activities
where and what personal data can be
stored about
this particular user and
by doing that
you can also understand whether you can
satisfy this data subject uh requests at
all
because
there is a situation uh that
it may be situations that
you may find out
that
you have other legal grounds for
processing of such personal data
and
the
you can find out that you have no
information
about
this data subject and you can receive
these requests
by mistake and
you cannot satisfy this request because
you have no information about this user
it happens to
and
i think that's all tips i wanted to
share with you so what
yeah i would like to address
three more tips
i
want you to pay attention to
the
necessity to specify the categories of
data you collect so depending on the
service depending of your uh platform uh
it could be different categories for
example contact information is uh the
most common case um
this could be like email phone number
full name uh username in social medias
and so on uh message information is um
also common
it is all of the information which could
be
treated as personal data
which you receive during messaging
during communication with your clients
financial information
is used for for example issuing an
invoice
or other payment operations when you
have some paid services you may collect
also financial
information about your users
and one of the most important and
sensitive topics is the sensitive data
as if your
service
is connected for example with some
medical
services medical issues and you collect
medical data for example from your uh
clients it is very important to identify
uh that
such type of data is being collected by
you because uh there are
additional uh requirements to the
collection of such data
on the gdpr you need to
receive for you to obtain um
an explicit consent uh for example to
collect such data lawfully
uh when you have specified the
categories of the data you collect um it
is very important to understand the
retention periods of such data so uh it
may vary from
different categories for example um
some technical data collected via
cookies
maybe
may be stored uh even like for a session
or for a day and uh other data the
contact information may be used by a
company like for for several years
because um you have the purpose of
retargeting your previous clients with
new features of your service with
new services so you need to identify
the retention periods for different
categories of data and if you cannot
identify such periods
for some reasons you need to specify the
criteria by which you
delete or store some data
also
[Music]
these retention periods
should be
tracked
in compliance with the storage
limitation principle of gdpr which
obliges data controllers to store
personal data only
for the period which uh for which such
data is needed so for example if you do
not need
any data you shall delete it on the
hdbar uh also uh purpose limitation um
principle
of gtpar is a bit similar uh similar so
you you collect every piece of data um
and you base uh such a collection on the
particular
purpose and for example if you do not uh
some amount of data for their particular
purpose for example you collect a photo
of your user uh for
the communication purposes with him
it is not essential so
such data
may not be used and
to comply with the purpose limitation
principle it is important to understand
uh the limits of uh the data collection
and also it's important to understand
where is data stored some of the
companies use their own services
server servers excuse me
and some companies
use cloud storages it's very popular now
and you need to understand where such
cloud storage is for example are servers
located because if uh they are outside
of the european uh
union and european economic area you
need to implement additional safeguards
to protect such data
also
you need
moving to the next tip
also i would advise you to perform a
regular review of your data flow maps
and records of processing activities
especially while you implementing or
removing some new features
which
make you to collect more personal data
for example
as we have
discussed the software development
company on the data map you decided to
uh
develop your it courses and you collect
uh
some data for the
enrolling on such courses
you for example collect education data
or
certificates of english knowledge
so uh you have a new categories of data
and you need to um
you need to update your data maps and
records of processing activities with
regard to such
new
processing activities
uh and
the last but not least tip for today
you need to understand the exact amount
of information you need to maintain
in accordance with article 13 gdpr i
would recommend you to
read to
examine this article which says that
controllers
shall maintain a record of processing
activities but that record shall contain
um the information uh the particular
amount of information so is the name and
the contact details of the controller so
uh of your company for example
uh the purposes of processing uh a
description of categories of data
subjects and uh categories of personal
data
uh the categories of recipients so whom
the personal data have been
will be disclosed
and where applicable
uh information about the transfers of
personal data to a certain country
uh and um
general uh description of technical
organizational security measures so i
would like you to note that um
it's
the article the this article of gdpr
asks uh only the categories of data
subject the categories of personal data
and the categories of recipients so you
do not need to
to disclose uh the particular
piece of date as a particular
data recipient or as a particular data
subject it could be only the category so
as we have discussed on the data map
slides um it could be like visitors or
clients you don't need to say that john
smith's data you have collected and put
that in your records of processing
activities
uh so do not maintain uh unnecessary
data and do it in compliance um with
in accordance with the article of gdpr
um
i guess um that's all we wanted to tell
you today uh we would like to thank you
for your attention and to ask you to
subscribe to our
youtube channel uh for our new for new
legal webinars to track our updates on
our social medias and i would like to
remind you one more time to
uh to donate if you have a an
opportunity to help the children of
ukraine
and eager
yeah yes thank you for attention
and i also would like to remind you
that you can help ukrainian children
you can find information about this
on our charity page
the links
you can find the links in the chat or in
the description of this webinar on
youtube linkedin instagram
and facebook
and
i guess we can say goodbye yeah thank
you thank you
bye
Browse More Related Video
![](https://i.ytimg.com/vi/o8-058VyUOI/hq720.jpg)
Data Inventories and Data Maps: The Cornerstone to GDPR Compliance
![](https://i.ytimg.com/vi/G4rYuEcNlsI/hq720.jpg)
Your Personal Data Inventory Top Tips & Brexit Impact 161220
![](https://i.ytimg.com/vi/3IDnuvs0kNs/hq720.jpg?v=65e1ef52)
How to Implement GDPR Part 2 :Roadmap for Implementation
![](https://i.ytimg.com/vi/WGXrbAh0LUI/hq720.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGGIgZShOMA8=&rs=AOn4CLCsL5CDemR4BsPwW7iAKElpOgtskA)
Privacy - CompTIA Security+ SY0-701 - 5.4
![](https://i.ytimg.com/vi/8c9MVVDU0tM/hq720.jpg)
The Data Flow Mapping Tool β the quick and easy way to document personal data processing
![](https://i.ytimg.com/vi/G7KUSYEOqUk/hq720.jpg)
How to create a ROPA (Record of processing activity), GDPR Article 30
5.0 / 5 (0 votes)