The data may be disclosed to entities outside the organization, provided there is an agreement with the data holders. Facebook is a good example of these practices, because in March 2017, the social media giant said it would oppose the monitoring of social data by third parties. Dimitar Kostadinov applied for a 6-year master`s degree in Bulgarian and European law at the University of Ruse and was enrolled in 2002 after a bachelor`s degree. In 2009, he obtained a master`s degree. From 2008 to 2012, Dimitar worked as a data entry – research for the American company Law Seminars International and its Bulgarian-Slovenian business partner, DATA LAB. In 2011, he was admitted to the Vrije Universiteit Amsterdam (Netherlands). Dimitar also holds a degree from LL.M. Diploma at Intellectual Property Rights – ICT Law from KU Leuven (Brussels, Belgium). In addition to law studies, he is particularly interested in the Internet of Things, big data, data protection, electronic contracts, electronic broadcasters, electronic media, telecommunications and cybercrime. Dimitar participated in the 6th European Summit on the Internet of Things organised by the European Forum in Brussels.
It is therefore essential to clearly define the issue of data ownership at the very beginning of each business relationship. If the data set belongs to a particular party, the party concerned should take the necessary steps to ensure that the data remains in its possession in different ways, such as patents and trademarks. An Interconnection Security Agreement (ISA) is a model agreement for organizations that jointly use associated systems and provides technical details of interconnected systems. The ISA defines technical, security and data protection measures important for planning, initiating, maintaining and terminating a business relationship between two or more companies. This agreement protects the rights of the contracting parties. It is therefore important that it is signed on time. An ISA must describe in detail the rights and obligations of each party. Viewing information flows about interconnected systems or access to partners will show weaknesses in data protection.
The company is advised to verify compliance with data protection principles and rules and to verify compliance requirements. Any further assessment of data protection risks should include partner assets: websites, social networking profiles, sharing platforms, etc. Another reason for concern for data protection is the collection of data by third-party applications, a fact that should prompt corporate lawyers, legal advisors or other decision makers to review end-user licensing agreements/EULA/these applications. Unauthorized data sharing exposes organizations to external attacks. This data can easily be stolen or used for blackmail.