Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Do we need VPN to comply with GDPR?

    From your experience in order to be compliant with GDRP do we need to have VPN for all employees.

    Or is that to be ISO 270001  compliant?

  • Business Continuity Plan and GDPR

    If we want to comply with the GDPR,

    is it mandatory that we come up with a Business Continuity Strategy/Plan?

    Or will a Disaster Recovery Plan be sufficient? Which we are writing for ISO 27001 anyway.

  • Consultants considered processors?

    We have a couple of consultants at our company, most of them working full time. Some of them are hired through a consultacy firm and some of them are self employed. The consultants work according to our policies and processes as any other employee. Some of them work from home and some of them work mainly in the office. Would you consider these cosultants (or the consultancy firm) to be a data processor? I would say that they are not but we have different opinions at my company so just seeking advise. 

  • TIA/TRA assessment tools

    We have your EU GDPR toolkit (adapting it for the UK etc). 

    I wondered if you knew of any tools for carrying out TIAs/TRAs? I have seen a brief video of the Taylor Wessing system but wondered if there were any others. The ICO also have a tool but I’m really looking for something where the assessment of each countries DP laws etc has already been done, at least generally, so that we don’t have to do it each time

  • Questions on Retention Policies

    1. I had a question / needed advice. We bought your toolkit in 2022. We are a marketing research company that collects data for surveys. We support Quant and Qual research. I was wondering if you could share your views on the two questions below.
    Is there a recommendation for Retention Policies. Would 5 years be too much?

    2. For Qual In depth interviews where we have video recordings. For anonymization – would it suffice to blur out the faces or do we  HAVE to also distort the voices as well?

  • Adapting GDPR material to South African context

    GDPR is equivalent to POPIA in South Africa. How can I adapt GDPR material to the South African context?

  • Work from home auditing

    If you would answer my question, please, referring to Teleworking and Mobile policies in ISO27001 document toolkit, how would you audit work from home considering their privacy?

  • Data privacy question

    I have participated your webinar on Data privacy and I have one question. Your statement was that combinig the roles of CISO and DPO within the same person, represents conflict of interest.
    Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?

Page 1 of 97 pages