EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Question related to Controller and Processor with respect to GDPR

    Hey, I would like to know who is controller and processor practically. Like I know what are the duties and responsibilities of these two.
    But let's say if am developing a particular application on which I will collect personal data to fulfill the purpose of the application. So Do I have to appoint a controller or processor or is there any something like the founder or director, CEO, or legal advisor will act as a controller?

  • Filling templates

    Data Transfer Agreement template (Referenced in Cross Border Transfer Procedure):
    DTA for Controller -> Controller
    DTA for Controller -> Processor
    When to use which one?

  • International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation

    I have been through the forwarded material around GDPR compliance and I have the following questions:

    1. International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation
    How do we secure compliance? Is it by fill in and sign the Cross Boarder document or do we need another agreement?

    2. When we have “employed” sellers and consultants with their own companies which invoices their “salary” to Digizuite, do we then need specific Data processing agreements with each of them?

    3. I can’t find a Data Processor agreement in your material. Why isn’t it part of the toolkit?

  • Third Party Compliance

    I have a question in regards to the document in section 8, Third Party Compliance. Supplier Data Processing Agreement.  We use a third party like Google Analytics, does it fall under this category?

  • Changes to EU GDPR policies regarding e-privacy

    Hi, I need to know whether there have been any changes to the EU GDPR policies recently in relation to e-privacy. Can you advise?

  • Are Data Protection Laws extra territorial?

    1. Are Data Protection Laws extra territorial?

    2. Do Data Protection Regulators in various countries communicate with each other?

  • Cookies after blocking them

    I have a website ***.

    I made a proper (as I think) Privacy and Cookie Policy, as well as Terms of Use. Also, there is a Cookie contest, which is visible to all the users and allows them to block the cookies.

    An open-source service "cookie bot" says the website is GPRS compliant. But I still see some cookies in my browser and am afraid that my users will be not satisfied with this.

    How can I fix it?

  • Which tool to use for unstructured data?

    I came to know that in the email body if there is some personal data like address then it is called unstructured data. Kindly guide me a tool for GDPR purpose so that I can use to learn and implement GDPR.

  • Default legal position around data transfers under German Laws

    I am trying to find the default legal position around data transfers under the German Laws. In the UK, if a contract says that parties shall comply with the position of the DPA. It means that parties can transfer data amongst its affiliates if the parties have one of the EU  the approved transfer mechanisms in place. Therefore I want to determine what German law enables/ permits this. Is it something you can assist with?


  • Sensitive data requested for refund processing

    A company owes me a refund and in order for this to happen they are requesting the following:

    "send a copy of the front of your debit card plus either a copy of your passport, driving license or Utility bill dated within the last 3 months.

    Unfortunately our accounts team are unable to process the refund without these."

    I am not happy providing any of this and do not think this is needed for a refund. Can you please advise?

Page 1 of 73 pages