We are existing customer with GDPR DPO Certification & GDPR/ISO 27000 Toolkit --> Question: Is there any documentation on how to perform DPIA for home workers during COVID-19 pandemic?
Does that mean since UK is no longer under EU, that means GDPR does not apply to them anymore?
I work for a mental health charity. My staff are now working from home. Can you give me any guidance on what I should be advising? Also is it safe for staff to communicate with clients via WhatsApp?
For a data retention schedule, is the presenter saying that the plan may include archival of data "in-line with specifications" or that, as an example, in line specifications may be archived. If so, can you define "in-line specifications"?
I need some advice on how to manage both CCPA and GDPR.
I am a Social Worker working in a local authority through a recruitment agency. When I got a pay increase my recruitment agency did not make me aware of this. Given that they refused to provide the evidence as to when my pay rate was increased, I requested for access to records. My agency refused to provide this. I decided to change to a different agency. The middleman between my agency and the Local Authority I worked with said that they cannot allow me to change to another agency because my recruitment agency has not breached my employment right. I would like to know if the middleman is right or whether my recruitment agency has breached any law. Has my agency breached right to access under GDPR
Which of the following is the purpose of a company´s Data Protection Policy?
I picked the ‘first answer’ during the exam because as stated in the course material practice exam p.64 ‘A Data Protection Policy is defined by the company to provide its employees with a relevant interpretation of GDPR in the context of the company’. The second answers ‘demonstrate transparency towards its clients’ is incorrect because Data Protection Policy is an internal document (course material p.62) and demonstrate transparency towards its client is the purpose of Privacy Notice (course material Module 3 p.17) not Data Protection Policy. The third answer is somewhat correct according to course material p.62 but not totally as the company is not formulating new principles in line with GDPR, it is applying already existed GDPR principles (requirements) to the company’s processing activities. But again there wasn’t an option in the exam for me to pick 2 right answers.
Could you please confirm the intent of this question? Or if it was a technical error on the exam question setup to pick more than 1 answer?
Do I require to make consent forms if I'm working on a contractual legal basis?
I have a question regarding a data deletion request - once we delete all the data do we need to inform the data subject that the deletion has been done? Is there an official form that we need to send the data subject? Or anything we should do or be aware of?
We are developing a mobile app where we scan documents, ask for data in forms and use blockchain.
We want to make sure we comply with GDPR. Especially around:
-data retention, is hashing data enough?
-anonymized vs pseudonymized. Are we understanding it correctly?
-data access by personell. Is it ok that developers and database admin can see some of the data
-how to know when data is misused, mis-accessed, or breached
-are we a data processor or controller?
