Frank van Vonderen

Partner at Highberg

About Frank
Frank has over 25 years of international experience in auditing and business consulting. He started his career as a trainee and worked seven years for a Big 4 firm on IT security and IT audit work for international clients. In 2005 he started as an independent Project Manager on security programs for ING and Shell. After that, he started an advisory firm, which he sold after three years to join Siemens as a Manager at the global IT audit department in Munich. After joining VKA (now Highberg) in 2011, Frank combined working as a Management Consultant with building and developing internal practices: first the cybersecurity practice, currently the Privacy and Data & AI practice. Frank has a strong focus on business development. He is a productive writer of books, whitepapers and blogs, and an experienced speaker and teacher. Within Highberg, he coaches several young professionals on the development of their commercial skills. Want to know more? Connect with Frank on LinkedIn.
Written by Frank

Article
1 min read
March 19, 2024
Why the rights of data subjects under the GDPR are so important?

In today's digital world, personal data is everywhere. The General Data Protection Regulation (GDPR) grants individuals specific rights regarding their personal data. But why are these rights so important, even if people rarely actively use them?

Article
2 min read
March 19, 2024
6 Essential privacy requirements for choosing a SaaS supplier

Choosing a SaaS provider is a decision that goes beyond just functionality and price. In a world where data is one of the most valuable assets of an organization, privacy and data protection are becoming increasingly important. But what are the key privacy requirements that a SaaS provider must meet? Below, we’ve outlined 6 key privacy requirements to help you choose the right SaaS provider.

Article
2 min read
March 19, 2024
Privacy by Design: Protection at the heart of algorithms

What is Privacy by Design? Privacy by Design is a strategy that focuses on integrating privacy protection into technological products and systems from the outset. This approach means that privacy is a fundamental part of the design process, rather than an addition or adjustment made afterward.

Article
3 min read
March 19, 2024
Making Privacy by Design Concrete: Practical Steps for Implementation

In today's digital age, where data is ubiquitous and privacy concerns are at the forefront, incorporating privacy by design principles into the development of products and services is paramount. Privacy by design refers to the practice of considering privacy and data protection from the outset of the design process, rather than as an afterthought. But how can organizations make privacy by design concrete and actionable?

Article
2 min read
March 15, 2024
Navigating a data breach: step-by-step

A data breach is like an unexpected storm in the world of data protection. It can happen to anyone, but rest assured: the GDPR offers an umbrella in this storm. Step-by-step guidance helps organizations manage a data breach according to the GDPR, so your organization can quickly become dry and safe again.

Article
2 min read
March 15, 2024
Benefits of a register of processing operations under the GDPR

What is a Record of Processing Activities (RoPA)? A Record of Processing Activities is a detailed overview in which organizations document how personal data is processed. This includes information about the types of data collected, the purpose of the processing, with whom the data is shared, and how it is secured. According to the GDPR (General Data Protection Regulation), organizations are required to maintain such a record.

Article
3 min read
March 15, 2024
How to know if something is allowed under the GDPR: a practical tool

Since its introduction in 2018, the General Data Protection Regulation (GDPR) has brought about many changes in how companies handle personal data. However, understanding the GDPR can be challenging, and it is often not immediately clear whether certain actions are allowed. A clear explanation is provided below on how to determine if your practices are in line with the GDPR.

Article
2 min read
March 15, 2024
How to find a Data Protection Officer (DPO) that fits your organization perfectly

In an era where data protection and privacy are becoming increasingly important, finding a suitable Data Protection Officer (DPO) becomes a crucial task for many organizations. Whether it is a large corporation, an SME, or a non-profit organization, having a competent DPO is essential to comply with the General Data Protection Regulation (GDPR). But how do you find a DPO who fits perfectly with the needs and culture of your organization? Here are some tips.

Article
2 min read
March 15, 2024
How do you conduct a DTIA?

In the era of globalization and digital expansion, data is continuously sent around the world. As a result, a Data Transfer Impact Assessment (DTIA) has become essential. This assessment helps organizations evaluate the risks and compliance requirements associated with transferring personal data across borders. A step-by-step process can help create an effective DTIA.

Article
2 min read
March 15, 2024
The Importance of an Ethical Framework

AI and algorithms are transforming our lives, but they also bring ethical challenges. How can AI be fair, transparent and accountable? Establishing an ethical framework for policymakers and the public provides steps and criteria for ethical considerations in the world of AI.

Article
2 min read
January 25, 2024
Data and privacy professionals: unite!

Not infrequently, I see battles between data scientists and privacy professionals within organizations. In these conflicts, the struggle isn't over traditional causes like land, religion or honor, but rather over data minimization (how much data is needed), storage (how long to retain data) and legal basis (is this even permissible). With heated discussions, smokescreens and rear-guard debates, they engage in combat. But in battles, there are rarely winners. Not in this fight either.

Article
2 min read
January 25, 2024
100 per cent privacy compliance is not possible

Many entrepreneurs and executives shudder at the thought of the fines and liabilities associated with GDPR. So, it's natural to ask that one question: "Are we now 100% compliant?"

Article
3 min read
January 25, 2024
4 tips to prevent discrimination by algorithms

No discussion about algorithms goes by without the word 'discrimination' being mentioned. Understandably so, as there are now numerous unfortunate examples where people suffer greatly from decisions made based on algorithms. This harm sometimes goes so far as to disrupt or destroy lives. That is, of course, unacceptable – but how can you maintain control over discrimination by algorithms? The bad news: discrimination is inherently linked to algorithms. Why? The original meaning of discrimination comes from Latin. To discriminate means to 'distinguish'. Only later was another meaning added to the word 'discrimination,' namely that someone is treated unequally based on discrimination.

Article
2 min read
January 25, 2024
From PET to CET

"Privacy enhancing technologies (PETs) have an image problem: 'name conceals function.' The terminology surrounding PETs will tell you what happens in the engine room, but will not reveal what problem will be solved with PETs. Right from the start, you encounter an issue, because the name 'PET' is actually too restrictive and undersells itself.

Article
2 min read
December 21, 2023
ICT becomes as easy as baking cookies

During the COVID-19 pandemic, a lot of people became bakers. Many of us, as amateur cooks during the holidays, venture into challenging creations. Often with success: with good ingredients and with a handy oven, we come a long way! But if you compare it to cookie baking, ICT is actually quite inconvenient. Because go figure with your own computer at home. All you wanted was a more efficient typewriter and suddenly you had to remember all kinds of difficult codes if you wanted to print in WordPerfect. You wanted to get on the Internet and had to learn about antivirus and anti spam. You wanted to play games, but had to learn to install sound cards and upgrade hard drives. Common thread: you want the joys of ICT, but they only come with burdens. When you look at it that way, it's actually quite strange

Cases by Frank van Vonderen

Case study
1 min read
February 8, 2024
FG-as-a-service: increased attention to privacy within Arosa foundation

Stichting Arosa is a welfare organization in Rotterdam that offers guidance, shelter and safety to people experiencing severe domestic violence. As a result, the Arosa Foundation deals with sensitive client data. For the safety of clients and staff, it is extremely important to protect this data properly. With the arrival of the GDPR (AVG in Dutch), the Arosa Foundation set to work on its implementation. The last missing piece of the puzzle was filling the Data Protection Officer (DPO; FG in Dutch) role, which the organization wanted to outsource. That's when Highberg came into the picture. With the 'FG as a Service' concept, the DPO role could be filled as desired.

Case study
1 min read
February 8, 2024
AVG Maturity scan: insight into the privacy maturity level within ZorgSpectrum

ZorgSpectrum helps people who live at home and need (structurally or temporarily) some extra support. Among other things, ZorgSpectrum does this through assistance with housekeeping, support in difficult situations, district nursing and palliative home care. Protecting client and employee data is a natural part of ZorgSpectrum's duty of care. After all, privacy affects clients and employees of ZorgSpectrum, directly or indirectly, at different levels and with different impacts. To know where the organization stands in terms of GDPR (AVG) implementation, ZorgSpectrum asked Highberg to perform an AVG Maturity scan.

Case study
2 min read
February 8, 2024
FG as a Service: a successful approach for Trema

Internal recruitment was not an option because there was a desire to fill this role independently and thorough privacy knowledge still needed to be built up. In addition, recruiting externally would lead to excessively high costs. Highberg met Trema's needs with the 'FG as a Service' concept.