From your experience, in order to be compliant with GDPR, do we need to have a VPN for all employees?
Or is that needed to be ISO 27001 compliant?
If we want to comply with the GDPR, is it mandatory that we come up with a Business Continuity Strategy/Plan?
Or will a Disaster Recovery Plan, which we are writing for ISO 27001 anyway, be sufficient?
We have a couple of consultants at our company, most of them working full time. Some of them are hired through a consultancy firm and some of them are self-employed. The consultants work according to our policies and processes like any other employee. Some of them work from home and some of them work mainly in the office. Would you consider these consultants (or the consultancy firm) to be a data processor? I would say that they are not, but we have different opinions at my company, so I am just seeking advice.
We have your EU GDPR toolkit (adapting it for the UK etc).
I wondered if you knew of any tools for carrying out TIAs/TRAs? I have seen a brief video of the Taylor Wessing system but wondered if there were any others. The ICO also have a tool, but I’m really looking for something where the assessment of each country’s DP laws etc. has already been done, at least generally, so that we don’t have to do it each time.
I had a question / needed advice. We bought your toolkit in 2022. We are a marketing research company that collects data for surveys. We support Quant and Qual research. I was wondering if you could share your views on the two questions below.
1. Is there a recommendation for retention policies? Would 5 years be too much?
2. For Qual in-depth interviews where we have video recordings: for anonymization, would it suffice to blur out the faces, or do we HAVE to also distort the voices as well?
GDPR is equivalent to POPIA in South Africa. How can I adapt GDPR material to the South African context?
Could you please answer my question: referring to the Teleworking and Mobile policies in the ISO 27001 document toolkit, how would you audit work from home considering their privacy?
I have participated in your webinar on data privacy and I have one question. Your statement was that combining the roles of CISO and DPO in the same person represents a conflict of interest.
Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?"