GDPR Questions

Answer:

“Supplier Privacy Notice” is the information pursuant to art. 13 of the EU GDPR that companies would need to make available to their suppliers explaining how are they processing the personal data of the Suppliers employees.

You can find more information on what Privacy Notices are from our free webinar Privacy Notices under the EU GDPR: https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/

2. What exactly is a (and/or where can I obtain more information on) DPIA Register?

Answer:

When performing the Data Protection Impact Assessment, the DPIA Register needs to be used – the DPIA Register is used for collecting the data, for assessing the risks, for defining mitigation measures, and for reporting the DPIA results.

If you want to get more information on how to perform a DPIA check out our free webinar Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDP R: https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/

3. What exactly is a (and/or where can I obtain more information on) Supplier Data Processing Agreement?

Answer:

The Supplier Data Processing Agreement is a document that is meant to be signed between an entity acting as a data controller and another entity acting as a data processor where the controller instructs the processor on how the personal data needs to be processed. The document is required under art. 28 of the EU GDPR.

You can find out more about the differences between controllers and processors from out our article EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

4. What is the difference between a “Personal Data Protection Policy” and an “Employee Personal Data Protection Policy”?

Answer:

The Personal Data Protection Policy is a policy explaining a company`s commitment to the data protection principles in the GDPR. The Employee Data Protection Policy is similar to the Personal Data Protection Policy but is aimed at explaining to the employees how the company is processing their personal data.

You can find more about the contents of a Data Protection Policy from our article Contents of the Data Protection Policy according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/contents-of-the-data-protection-policy-according-to-gdpr/

We've received additional questions:

>1. What is the difference between Privacy Notice and Personal Data Protection Policy?

Answer:

The GDPR increases the amount of information you need to include in your privacy notices. The information is provided to the data subject through Privacy Notices. Notices must also be concise and intelligible and provide the information required under art. 13 and 14 of the GDPR. On the other hand, the Data Protection Policy as stated previously is a statement of the company to process data in accordance with the GDPR and its principles. So both the purposes and the audience is different.

>2. What is the difference between Employee Privacy Notice and Employee Data Protection Policy?

Answer:

Keeping in mind the description and purpose of a Privacy Notice note that the Employee Privacy Notice is tailored as to be used for informing the employees what the company usually uses their personal data for. The Employee Data Protection Policy is a document which is setting up the rules for processing personal data by the HR department.