GDPR and Google Fonts

Google Fonts is a popular service that allows web developers to use a variety of fonts on their websites. However, according to the General Data Protection Regulation (GDPR), Google Fonts may be considered in breach of privacy rules. The underlying issue is related to the way Google Fonts processes the data of data subjects.


#WhyAreYourRecordingMe? – Respecting privacy and personal data protection at private events

Today I want to discuss an important issue in the digital age: privacy and data protection at private events.
It’s the season of events of all kinds: from coming of age to weddings and christenings. Let’s take a look at why it’s crucial to make sure we respect these fundamental rights and understand a few solid reasons why we need to be careful when live-streaming a private event.


5 years of GDPR - What happened in 2023 in Romania

Hello everyone!

I am ALIDI, VIRTUAL ASSISTANT from AA DATA BOX. My role is to provide support for your employee trainings on both personal data protection and cyber risk awareness. Well, on the occasion of the five-year anniversary of the General Data Protection Regulation (GDPR), we would like to emphasize the importance of complying with the requirements of this regulation for companies’ management. The GDPR was introduced to ensure a high level of protection of personal data and to bring transparency and accountability in the processing of such data.

Compliance with GDPR is not only a legal obligation, but also an opportunity to build customer trust and develop a strong relationship with your customers. By complying with GDPR requirements, companies demonstrate that they are paying attention to their customers’ personal data and adequately protecting it.

GDPR imposes fundamental principles on the collection, processing and storage of personal data. Thus, ensuring data subjects’ explicit consent, adequate information about the purpose and modalities of the processing, minimizing the data collected and ensuring its security are just some of the key issues that companies need to address in order to comply with GDPR.

There are significant benefits to complying with GDPR requirements. Proper management of personal data contributes to enhancing a company’s reputation and credibility, reducing legal risks and avoiding fines or financial penalties.

On the occasion of the five-year anniversary of the GDPR’s entry into force, we present a summary of the work carried out by the National Supervisory Authority in the first four months of 2023, in terms of complaints, investigations, data controller compliance and GDPR outreach and promotion. Let’s get started.

In the first four months of 2023, the National Supervisory Authority received 1,565 complaints, referrals and notifications of security incidents.

199 investigations were opened as a result of these complaints and referrals.

The Authority imposed 36 fines totaling 353,865 lei as a result of the investigations.

During the control activity, 40 warnings were issued and 39 corrective measures ordered.

1,385 complaints were registered, which resulted in 81 investigations into their resolution.

Data controllers reported 66 data security breaches and 114 complaints of non-compliance with the General Data Protection Regulation.

118 ex officio investigations were initiated following these reports.

The main issues addressed in complaints and referrals were the disclosure of personal data, the use of video-surveillance systems, failure to respect data subjects’ rights and information conditions, the receipt of unsolicited commercial messages and cyber-attacks.

The Authority received 336 requests for views on the interpretation and application of the GDPR.

In closing, we would like to highlight that AA Data Box, a company specializing in providing personal data protection consultancy services, stands with organizations that aim to develop a strong organizational culture of GDPR compliance. We are here to support you in your efforts to implement effective personal data protection measures.

It’s important to recognize that data protection is not just a legal issue, but an essential component of business sustainability. With the increasing importance of ESG (environmental, social and governance) factors, data protection has become a key element in ensuring transparency and accountability within organizations. Just as environment and governance are pillars of sustainability, so personal data protection is becoming increasingly relevant and necessary.

In addition, GDPR compliance cannot be achieved without proper employee involvement and information. This is a vital component in building a responsible organizational culture and ensuring effective protection of personal data. As part of our services, we are dedicated not only to providing technical solutions and specialized consultancy, but also to creating a framework of information and awareness for employees.

Thus, AA Data Box encourages companies to consider data protection as a strategic priority and develop robust measures to ensure compliance with GDPR requirements. Through our partnership, we aim to provide the expertise and support needed to build an organizational culture geared towards data protection and sustainability, thus ensuring the long-term success of companies in a dynamic and evolving environment.

How does GDPR implementation and compliance help you?

The General Data Protection Regulation (GDPR) was implemented to ensure the proper and lawful management and protection of personal data by companies, organizations, governments and other types of entities.
For the vast majority of these entities, however, complying with GDPR can be challenging and can incur additional costs to their business or operations. Still, it’s important to understand that GDPR compliance doesn’t have to be a problem for your business. On the contrary, it can bring significant benefits and can help build customer trust, protect your reputation and optimize the long-term growth potential of your business.


5 notable examples of fines for non-compliance with Art 32 of GDPR

Article 32 of the General Data Protection Regulation (GDPR) lays down the obligation for controllers to implement technical and organizational measures with regard to the processing of personal data in such a way as to ensure a level of security appropriate to the risks associated with the processing and the nature of the personal data involved. These measures must ensure the confidentiality, integrity and availability of the data: the so-called holy trinity of information security, or CIA.
