News & Resources

The Applicability of the GDPR to the South African Road Accident Fund (RAF)

The RAF is a statutory public body in South Africa that collects, holds, and processes a lot of personal information (claimants, medical data, third p...

Vulnerabilities and Threats to GDPR Compliance and PII Protection

The General Data Protection Regulation (GDPR) requires controllers and processors to safeguard personal data through appropriate technical and organiz...

Examples of Unlawful Processing by a Controller (Beyond Lack of Consent)

GDPR requires one of six lawful bases under Article 6 (e.g., contract, legal obligation, legitimate interest, etc.). If none applies, processing is u...

Third-Party Compliance Oversight under GDPR

Article 5(2) GDPR (Accountability Principle): The controller remains responsible for ensuring that personal data is processed lawfully, even when pro...

In risk analysis and decision theory: Stochastic dominance is a method of compa...

In risk analysis and decision theory: Stochastic dominance is a method of comparing two uncertain outcomes (e.g., risk distributions) to see which is ...

Right to Rectification and “Undue Delay” (GDPR Article 16)

Article 16 GDPR states: “The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate...

Return on Control (RoC) in GDPR Context

RoC measures the effectiveness of a security or privacy control compared to its cost. It quantifies the reduction in risk exposure (both likelihood a...

Article 23 GDPR: Restrictions on Data Subject Rights and Processing

Article 23 GDPR allows Union or Member State law to restrict the scope of obligations and rights under GDPR by way of legislative measures (not just a...

Privacy by Design and by Default (GDPR Article 25)

Privacy by Design (PbD): Embedding data protection principles into the design of systems, processes, and technologies before they are deployed. Priva...

Re-requesting Personal Data Already Held by the Controller

Data Minimisation (Art. 5(1)(c)): Only collect what is necessary for the specified purpose. Accuracy (Art. 5(1)(d)): Personal data must be accurate a...

Legal Grounds for Processing Data in the Public Interest (GDPR)

GDPR explicitly provides “public interest” as one of the six lawful bases for processing: “Processing is necessary for the performan...

Key GDPR Definitions and Principles: An In-Depth Perspective

The General Data Protection Regulation (GDPR), formally known as Regulation (EU) 2016/679, establishes clear definitions and guiding principles for th...
