Whether you like it or not, choosing a provider outside the EU will have an impact on your business whether you are GDPR compliant. ✅ This doesn’t mean, however, that you can’t choose providers outside the EU (this is a common misconception)—you just have to do it right! (By the way, being inside the EU doesn’t mean you’re automatically compliant, either!) Lots of companies ask us about using Chinese hardware or Software Agencies from India or Vietnam, just to name a couple of examples. And many others ask about other extra-EU countries like the United Kingdom or the US. 🤔 How do you find the right provider with the least impact on your data protection risks? You look for providers from countries with an adequacy decision. 🇪🇺 An adequacy decision is a formal decision made by the EU Commission that recognises that another country (or international organisation) provides an equivalent level of protection for personal and sensitive data as the EU does. Basically, it is a kind of data transfer inside the EU (no big issues here). So, can you still use a provider from a country without an adequacy decision? Yes - but you will have to do some extra bit of homework, for which we left some guidance in the PDF guide 🙂 If you are interested in these topics, let’s connect 👉 Jovan Stevovic And of course, feel free to reach out to us 🙂 #gdpr #compliance #digitalhealth #chinoio
Jovan Stevovic’s Post
More Relevant Posts
-
Portugal's GDPR Tightrope for Marketers 🇵🇹 Marketers in Portugal, take note! The data authority prioritizes complaints over inspections, potentially leading to uneven enforcement, especially for you in direct marketing. Finding the balance between marketing goals and GDPR compliance can be tricky. Transparency is key! Businesses must clearly explain how they collect, use, and process data to maintain user trust and avoid penalties. The rise of "pay-or-OK" models adds a new layer of complexity. While legal, these models require crystal-clear communication about data usage and genuine user consent. Don't forget to ensure fair alternatives to data transactions exist. ✅ The takeaway? Be proactive with your #GDPR compliance strategy in Portugal. Building trust and avoiding penalties hinge on transparency and genuine user consent. #mydatatrust #dataprivacy https://lnkd.in/eVC6nRiA
-
In what languages should you write your Privacy Policy to be GDPR compliant? 🔎 If you offer a service or an app in more than one EU country or plan to localise your service in different geographical areas, you should pay attention to the language spoken in those regions/states. 🧰 Key GDPR principles require information to be provided in a transparent, clear, and accessible form. This is especially true for your Privacy Policy, which is intended to inform users about how their personal data will be collected and processed. 🏢 In the B2B scenario, if English is your main working language, you can assume that the customers understand and are confident in English—there are no major problems in this specific case. 📱 In B2C, you shouldn’t provide your Privacy Policy in an English-only format: if users cannot properly understand how their data will be processed and how to exercise their data protection rights, you are breaching the GDPR. The importance of the language has a considerable weight when consent is collected (even when it comes to cookies installation). Here, it is essential to demonstrate that consent was freely given and informed. This means that you must demonstrate that a user understands your policies clearly. ✅ A quick thought about internal documentation: remember that documents such as Data Processing Agreement, Terms of Service, and DPIA can be in English-only format. #digitalhealth #compliance #gdpr #chinoio
-
Is your startup reaching global markets? Your local business might need GDPR compliance sooner than you think. If you're handling data from EU residents - whether through offering services or tracking online behavior - GDPR's strict requirements apply to you. The key difference from U.S. regulations? Explicit opt-in consent for data collection. Read my full article on navigating international data privacy regulations while growing your startup: https://lnkd.in/gMjq3s_D
-
⭐ It's time to put 'Pay or Okay' to the test... ⭐ Have you noticed the growing trend where services offer users a stark choice: either consent to tracking for marketing or pay a fee to opt out? This is "pay-or-okay" - and it's becoming more and more popular. But is it GDPR-compliant? Join our webinar to find out... 📣 Webinar: "Pay or Okay to the test" 📣 We're live on 11th April with Tobias Judin (head of International Section at the Norwegian Data Protection Authority) and Dr. Frank Schemmel to delve into the legal intricacies. Discover: 👉 Key features of the "Pay or Okay" model 👉 GDPR challenges it poses 👉 What to expect from regulators, including the EDPB ruling Tune in on April 11th and have your questions answered by the experts! Register now: https://lnkd.in/dcfYVDm6 #GDPR #DataProtection #Webinar #Privacy #Compliance #consent #preferences #CPM
-
🇪🇺❗ GDPR & DMA Synergy: The Future of the EU Digital Marketplace The European Data Protection Board (EDPB) and the European Commission are collaborating to offer guidance on navigating the convergence of GDPR and the Digital Markets Act (DMA), essential for digital companies striving to comply with both regulations. Balancing user data protection while promoting fair competition poses a significant challenge in the digital sphere. Key Objectives: 1️⃣ Clarify the differences between GDPR and DMA compliance requirements. 2️⃣ Maintain strong user privacy protections. 3️⃣ Establish a clear and uniform regulatory framework for businesses. Stay tuned for upcoming updates that will further explore the evolution of digital governance in Europe and its impact on both businesses and individuals. What are your thoughts on these developments? How do you anticipate these changes will influence the digital business landscape in Europe? #GDPR #DMA #EDPB #DigitalRegulation #DataPrivacy #DigitalMarkets #Compliance
-
Earlier this week, my good friend Fanny Mrani told me about the new GDPR certification in Europe: things are about to be spicy! 😵 Long story short, Europe has introduced a new certification standard! GDPR Certification Standard and Criteria (BC 5701) is a framework to help organizations systematically implement GDPR requirements and demonstrate accountability. The thing is, it doesn't matter what size you are or what you do! It's basically like a trust badge for GDPR compliance. For businesses, it's a way to identify trustworthy partners... But for companies outside of Europe (looking at you Japan and South Korea), it's another hoop to jump through to stay competitive in the market. In short: it's great for trust but not-so-great for cutting paperwork! 😬 If you've got some time, you should definitely have a look here: https://lnkd.in/gAyXTasD (they give you the big picture!). Alternatively, I'm sure Fanny would be more than happy to discuss it with you. 😉
-
Tomorrow the deadline arrives for businesses to have a valid transfer mechanism in place if they are transferring personal data to jurisdictions without adequate data protection safeguards. The UK GDPR requires a valid transfer mechanism when sending personal data overseas to countries without adequate safeguards as determined by the UK government. A common mechanism has been incorporating the old EU standard contractual clauses (Old EU SCCs) issued under the previous Data Protection Directive into contracts between the UK business and overseas recipient. However, after March 21, 2024, businesses can no longer rely on the Old EU SCCs for contracts entered into before September 22, 2022. Any contracts using the Old EU SCCs as the data transfer mechanism must be updated before the deadline to maintain compliance when transferring personal data internationally. Businesses need to take action now to replace the Old EU SCCs with the new clauses approved by the UK government. Failing to update contracts could result in unlawful cross-border data transfers after the deadline. If you need any help meeting these requirements, please contact our compliance team. Ensuring your contracts have valid data transfer mechanisms is crucial for continued GDPR compliance. #GDPRcompliance #dataprotection #regulatorycompliance #complianceconsulting
-
Navigate the complexities of data protection and GDPR - with our FREE "Data Protection & GDPR Essentials for Successful eCommerce and eMarketing" Online 🗓️ November 4th ⏰ from 10 AM to 1 PM 👉 Register now and take a proactive step towards compliance at https://lnkd.in/eEYJdESi Why You Should Attend: Understanding data protection laws is crucial for business success in today's digital landscape. This workshop is designed to demystify GDPR, providing you with the essential knowledge to ensure compliance without the jargon. What You’ll Learn: 🔍 The fundamentals of data protection and GDPR 🔍 How these regulations specifically impact small businesses 🔍 Simple, actionable tips to achieve GDPR compliance By the end of this workshop, you will clearly understand your legal responsibilities and practical steps to implement them within your business. #LaoisBusiness #GDPR #DataProtection #eCommerce #MakingItHappen
-
From a GDPR perspective, data from European companies should preferably be processed within the EU. 💻 However, many providers of sales territory management software directly or indirectly use the services of US companies, which means that the data leaves the European Union. 🤔 At portatour®, however, all servers are located in the EU, so that data processing takes place exclusively there. 🔐 #portatour® #territoryplanning #DSGVO #GDPR
-
GDPR and International Data Transfers: What You Need to Know As businesses expand globally, international data transfers under GDPR become increasingly complex. Our latest article covers the critical factors you should consider to ensure compliance and protect data across borders. Read it here: https://lnkd.in/e3jyhmJz With Deepeo, data management and compliance go hand-in-hand. Our solution is designed to help companies anonymize or delete data seamlessly, maintaining full GDPR compliance for both local and international operations. Deepeo’s centralized, automated platform offers data managers peace of mind with real-time insights, customizable retention rules, and comprehensive compliance reporting. Navigate GDPR challenges with a robust solution built for global compliance. #GDPR #DataPrivacy #DataTransfers #DataAnonymization #Deepeo #DataSecurity
8mo
Great point about misconceptions regarding GDPR compliance!