Same or different? Why is it so confusing?

I’m just gonna dive straight into this topic.

With the surge of data protection laws and regulations, we’ve been introduced to a variety of terms that sound familiar but actually are not, and that sound the same but are actually quite different.

Personal data is one of those terms, especially if you add PII, non-personal data, quasi-identifiers, or sensitive personal data into the mix.

What am I talking about?

If you glance at the term personal data, all seems pretty straightforward. You know what personal data is.

Your name, your address, your social security number…


When doing research for my blogs, I am constantly searching Quora to find inspiration for my privacy-infused articles and get a glimpse of the most talked-about data privacy topics.

I often come across questions that everyday people, just like you and me, are searching for answers to.

And I have to be honest, some of those questions raised my eyebrows. However, as someone who is so heavily infused in the data protection and data privacy area, I often fail to realize most of us just hear buzzwords that don’t really say much.

Facebook fines and WhatsApp privacy policies seem so far…


…and thrived

In the past decade or so, Marketing had a few jumps. The range of communication with individuals has grown wider and finer.

Going from physical address to e-mail address and then to third party platforms, apps, and push notifications.

We are now interacting via multiple channels collecting various data, from location to preferences, on computers, tablets, and smartphones, and Marketing just got used to it, never really reflecting on where this is all going.

Then GDPR happened, and it happened for a reason. It all kinda went wild and there was a lot of resistance from marketing and…


It’s no surprise, we have certificates that cover everything for any business niche or area, so data privacy is no exception.

However, this sizzling hot area, now in the spotlight with over 500,000 DPOs (maybe even more, the numbers keep changing), did require some standardization.

According to the DPM blog:

At this moment, several certifications in the data privacy domain exist. Some are issued and maintained by well-known not-for-profit organizations whose main activities cover advancing data privacy issues. …


Read more: Why companies are investing in GDPR compliance

As I read somewhere, demonstrating a return on investment in privacy is a bit like trying to pin down a cloud, and it’s true or maybe it was true.

A couple of years ago there wasn’t any data on the benefits of privacy investments (well maybe some, but definitely nothing that could hold the ground). Fortunately, we live in a data-driven world where new research, surveys, and numbers pop up daily.

Data privacy has truly developed from “nice to have” to a business imperative with more than 40% of organizations seeing benefits…


So you have suffered a security incident, caused either by human error (23%), system glitches (25%), or malicious attacks (52%). You will have to make prompt decisions and put your Incident Response plan into action (if you are lucky to have one).

While most of your efforts will go into securing the data, preventing financial losses, and minimizing the impact of the incident, you have one more thing to worry about. That is personal data.

GDPR (General Data Protection Regulation) requires you to stay compliant during the incident and report the data breach no later than 72 hours after…


This is true, everywhere you go you are bombarded with consents, ticking boxes and agreeing with privacy terms. Everyone is talking about it, giving you a piece of advice on how to collect compliant consents, what you should and shouldn’t do.

Not that there is anything wrong with that, however sometimes it can get pretty overwhelming.

What baffles me the most is that in general, people have very different and vague ideas about what consent really is, and yet the General Data Protection Regulation offers very strict prerequisites and rules about consent.

This means not every consent is considered compliant and…


It is so easy to fall into a fake feeling of control and privacy when you share pictures from your holiday depicting your kids playing on the beach with your friends and family. But who are you really sharing all this information with?

If you think you are in control of your privacy on your Facebook or Instagram account (or any other account for that matter), you are in for a great disappointment.

We can test this pretty easily. …


Going over all fines issued for the violation of the General Data Protection Regulation (GDPR) so far, I have noticed that not all Data Protection Authorities have the same pace nor the same criteria when it comes to who should get the fine and who should just get a slap on the wrist.

Just recently, a German state DPA issued a whopping 1.24M euro fine for violation of Article 32. This means that in processing personal data they have failed to implement appropriate technical and organizational measures to ensure compliance.

One of the biggest issues that a DPO is facing, when…


As a Data Protection Officer do you ever feel like you are alone on a stranded island? You are struggling to find allies within the company while creating support for your privacy program leaves you disheartened?

It is great when you are appointed or assigned as a DPO within your company. You are optimistic and eager to prove that data protection deserves its place and recognition in your organization.

However, as it is a new role and a new position, sometimes it can be hard to find your place under the sun and find allies within an organization.

The…

Maja

Product marketing specialist for Data Privacy Manager
