I was asked recently about the use of Slack, given the Schrems 2 case and the fact that use of ‘messaging tools’ and Personal Data always rears some ‘interesting’ sticking points. So, let’s have a look at it and see what issues Slack throws up (if any).
While the ICO has said they are being flexible with organisations if things go wrong during the pandemic, they have also made it clear that any misuse or abdication of your responsibilities will result in action by them (whatever that means given their track record).
If your DPIA forms are not working for those filling them in, then they will never work for you either. So why are you using them? If you do what you’ve always done, you get what you’ve always got. So change them!
Privacy Shield is dead. Long live Privacy Shield. But what does that mean for the DPO or for the organisation?
If, like me, you’ve been completing and assessing Data Protection Impact Assessments for a number of years (long before GDPR came along), you’ll notice that apart from them being called DPIAs and being ‘mandatory’ (in certain circumstances), the same old issues around getting people to fill them in correctly remain the same.