EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • EU GDPR (involving European trial site with US sponsor)


    If we're involving a European trial site in a study run by a sponsor in the US, what needs to be included in the consent form for the patient specifically with GDPR (such as risks)? Does there need to be a data processing agreement in place between the sponsor and trial site? The trial site will be entering pseudoanonymized data into a database that is GDPR compliant. Moreover, the site can enter the email of the patient into the database (purposes of sending study surveys) which the sponsor does not have access to. Similarly, only a few selected members of database Customer Support and the Engineering team have access to the sponsor’s production environment (live database), for maintenance purposes only. They; however, do not have access to the pseudonymized data. In that case, does there need to be a DPA between sponsor and site AND sponsor and database? Im not too sure who is the data controller vs processor. Some guidance would be appreciated. Thanks!

  • Laboratory space

    Hello, I have a quick question about video surveillance in the workplace. My employer has installed 2 cameras on the area mentioned. No information was given to the employees in advance. When I asked, I got the following answer: "The video material is not recorded and access is password protected and is only intended to support the fire brigade in the event of a fire alarm" Is that enough justification? I would be very happy about a short feedback.
  • Doubts about ODPR or GDPR

    Would you like to know if the company has the right to have a list with all the passwords of the employees to access their computers? If somewhere in the LOPD or the RGPD, it is indicated that the Data Protection Delegate must have said list to be able to access the equipment in the case of not being an employee. What I comment below is my thought but not knowing all the obligations of the LOPD or the RGPD I am the IT manager of the company and it is the first time that I come across this indication in my entire professional career. Knowing computer systems, I think that this goes against any computer security scheme and protocol, so it seems strange to me that this is the case. I also find it strange because of the following: A multinational like Repsol, if the users have to change the password every 6 months. That you have to communicate your password to the data protection officer…. If all the companies had to have that list, as I have been told, I don't think I know if there would be any company that complied with the LOP or the RGPD
  • Split between EU GDPR and UK GDPR

    "I am considering purchasing a pack but given the split with EU GDPR and UK GDPR, I am questioning it.  I also understand that there is not a lot of change in the UK GDPR against the EU GDPR so could do slight amendments accordingly eg reference to the UK GDPR legislation, what are you thoughts?
  • Change of GDPR document

    I need to update my original GDPR documents from 2018. Do you have a  cheat list of the changes or amendments please
  • GDPR Questions

    1. Advisera docs Footer and Change record – do we have to keep the Advisera wording on all docs?
    2. Client data – How long can we keep data? 6 years +1 from collection date or when client has left then 6+1
    3. Confirm BtoB data is still governed the same way as BtoC – PII
    4. Back Ups on Tape Drives and SAR requests – where do we stand?
    5. If a client asks to see our policies can\should we hand them over? Incident log, do we have to show that if asked?
    6. Clarify medical data in ***, we don’t collect it, but customer could upload it, what are the implications for us as Processor?
  • GDPR Query

    We are onboarding a new third party vendor tool which will store our EU customer's data in AWS US. The Vendor is refusing to sign DPA and SCCs with justification as the contract value is very less vendor's legal team won't sign the document. What should we do in this scenario?
  • Data Protection Addendum and Standard contractual clauses

    Hi Everyone, I have the below queries when it comes to signing of DPA and SCCs 1. In which scenarios do we sign a Data protection addendum(DPA) and standard contractual clauses(SCC) with the vendor? For e.g. there is a scenario where we will be sharing our European customer PII data with the vendor and the vendor will be storing that data in a non-EU region. In this case, we sign DPA and SCC with the vendor. What are the other scenarios where we sign DPA and SCCs with vendors?  
  • GDPR compliance for B2B software applications

    Do you have any info for GDPR compliance for B2B software applications (where I think we are the processors and our clients are the controllers)? Most of what I find online is focused on compliance for marketing emails
  • Internal audit of management systems and GDPR

    I have an inquiry regarding the conduct of reporting internal management systems and the GDPR. In our internal audit reports of our management system, we include the names and position of the audit participants. Will this pose a breach in the GDPR? Also, part of the report, as an attachment, is the attendance list containing the names and positions. Is this also a breach as per GDPR?
Page 1 of 94 pages