Search results for author: Stanko Cerin

Bank who got the first GDPR fine in Croatia has been consciously violating human rights for almost a year and got more than 30 notices from data protection authority before it was actually fined

On March 13th, 2020, the Croatian data protection authority (AZOP) published information about issuing the first GDPR fine in Croatia. Under the fuzzy local law, it is not really clear how transparent AZOP has to be with regard to issuing fines, although local regulation does require non-anonymised fines to be published on the AZOP web site if they are bigger than 100.000 HRK (about 13.150 EUR).

Fighting Virus Is About Processing Big Data - Special Categories

Fighting a global pandemic is impossible without collecting and processing special categories of personal data. The core of this fight is collecting and processing data about patients’ locations, movement, health conditions and personal habits (i.e. hygiene, food etc.) as well as contact with other people and the type of interaction. All this information and much more is carefully analysed so that patterns can be identified and conclusions drawn and used to protect the human race.

Big school of GDPR Lesson 10: Legal Aspects - How to Avoid Penalty?

Violating the right to privacy, behaving irresponsibly towards personal data and misusing it to generate profits, even at the cost of harming individuals, has become the business practice of many. Technologically advanced companies such as those in the telecom and banking sector, and innovative startups that today offer public services to millions, and even billions, of users, have brought the processing of personal data to perfection.

Big school of GDPR - lesson 8: DPIA (Data Protection Impact Assessment)

DPIA is the heart of GDPR. At its core, GDPR wants to restore control of personal information to its owners by changing how we think about it, and responsible behavior towards personal data at the social level can only be achieved by educating generations that are conscious of the risks of irresponsible or malicious use of personal data.

Big school of GDPR lesson 7: GDPR Internal audit

You've launched a whole range of activities to align with GDPR requirements. You have appointed the DPO and established a structure of authority and responsibility for managing personal information. You have analyzed the readiness of the organization and the IT system to fulfill the rights of the owners of personal data.

Big school of GDPR lesson 4 - Designing project plan

What do we have to do, how, who and until when? How much does it cost? These are some of the questions we answer in the fourth lesson of the Big School of GDPR by ICTbusiness.info and Ostendo Consulting.

Big school of GDPR by ICTbusiness portal - Lesson 1: Impact on Society and Business

The new rules on the protection of personal data, whose application begins in May next year, bring about major changes in society. Control of personal information is given back to its owners. The rights of EU citizens in the field of personal data protection are increasing, along with the obligations of all those who use this information.

Is Facebook being fined 110 mil eur first victim of GDPR fines?

The European Commission fined Facebook 110 million EUR for providing misleading information about the WhatsApp merger. Although grounded in EU merger regulation, this fine is a clear message to all those who consider GDPR just another privacy regulation nobody will comply with, as the real essence of the violation is in fact a privacy rights violation.

EU GDPR: A bogeyman for scaring top management?

The upcoming EU data protection regulation aims to finally bring the massive misuse of personal data under control. It puts people in control of their personal data. This is the exercise of one of the fundamental human rights: the right to privacy. A great and noble goal.

How to rob banks and get away with it?

For more than a decade I have been asking myself why people need a gun, sunglasses and hoodies to rob a bank. As an operational risk management expert, while assessing business process and IT operations security I keep finding the same vulnerabilities. This time, I decided to exploit one and get some cash from the bank as evidence.