Monthly Archives: January 2023

IAPP CIPT – GDPR for Cloud Service Providers (CSPs) Part 2

5. Technical and Organisational measures Hi, guys. If CFP processors do just one thing, they should review the bombshells contained in Article 26. Under this article, the processor shall not enlist another processor without the prior specific or general written consent of the controller. In effect, this means transitioning to a regime of subcontracting only… Read More »

IAPP CIPT – GDPR for Cloud Service Providers (CSPs)

1. Cloud and GDPR Concerns Hi guys. We’ll discuss cloud and GDPR concerns. The GDPR is largely about consent or other legal grounds for lawful processing, about data subject rights, privacy and putting control of personal data back in the hands of people in general. It clearly requires a risk perspective… Read More »

IAPP CIPT – GDPR and Payment Services Directive (PSD2) Part 4

12. Authentication Step Hi guys. In this lesson we’ll discuss the authentication step. The research has highlighted some suggestions to make this step more customer friendly. The presence of the ASPs branding and logo at this step is critical to engineering customer confidence and trust in the entire process. The more distinctive the authentication… Read More »

IAPP CIPT – GDPR and Payment Services Directive (PSD2) Part 3

9. Other challenges – GDPR and PSD2 Hi guys. In this lesson, we’ll again discuss other challenges between PSD2 and GDPR. Seemingly unconnected, these two regulatory initiatives do in fact share two common aims: putting customers in control of their own data and keeping that data safe. Both GDPR and PSD2 are… Read More »

IAPP CIPT – GDPR and Payment Services Directive (PSD2) Part 2

5. New types of service providers – TPPs Hi, guys. In this lesson, we’ll discuss rules for new types of payment service providers. What are payment initiation services? PSD2 opens the European Union payment market for companies offering consumer- or business-oriented payment services based on the access to the information from… Read More »

IAPP CIPT – GDPR and Payment Services Directive (PSD2)

1. What is PSD 2 and main objectives Hi guys. In this lesson, we’ll discuss Payment Services Directive number two, or PSD2 for short. The first Payment Services Directive, PSD1, was adopted in 2007. This legislation provides the legal foundation for a European Union single market for payments to establish safer and… Read More »

IAPP CIPT – Core Privacy Concepts

1. Foundational elements for embedding privacy in IT (1) Hi guys. In this lesson, we’ll discuss foundational elements for embedding privacy in IT. Without privacy policies in place and proper training for employees, it is extremely difficult to ensure that employees are following proper privacy practices. An organizational privacy policy is the first essential… Read More »

IAPP CIPP/E – Introduction to Data Protection Laws

1. European Union Institutions European Union institutions. Hello, everyone. Welcome to the first lecture of this course. In this lecture we will learn about European Union institutions and how they operate, especially when it comes to data protection laws. First of all, it’s worth mentioning the difference between the European Union and the Council of… Read More »

IAPP CIPP/E – General Data Protection Regulation (GDPR) Part 4

17. Data Breach Notifications Data breach notifications. Hello everyone. This is the last part of the security-related information we will study. Articles 33 and 34 impose requirements on controllers (repeating again, on controllers) to notify personal data breaches to the Data Protection Authority and, in some circumstances, to the people impacted. Processors are only obliged… Read More »

IAPP CIPP/E – General Data Protection Regulation (GDPR) Part 3

12. Right to restriction of processing Right to restriction of processing. Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of… Read More »
