Please select user.
There are no topics yet.
Should we be verifying customers' identity via email when the email they are contacting us from is the same email they used to purchase a product from us?
When a client of ours asks for proof of GDPR compliance what do companies normally provide?
Also, in the 07.24_Data_Subject_Requests_Communication_Register_Premium_EN document I don't see a slot for the name/email of the data subject. Part of me thinks that makes sense as if you are asked to delete their info yet keep it in that document then you technically didn't completely delete it? The other part of me wonders how that demonstrates compliance when you can't link it back to a particular data subject request?
Hi there, I am hoping that you may be able to help me with a question relating to GDPR in the workplace.
We currently have a situation at work where a colleague has provided us (a business) text messages with another colleague. These messages may be included as evidence within an upcoming grievance.
My question is, can the organisation simply take these messages and use them as evidence, or does this constitute 'processing' under GDPR as they have now been passed from an employee to the business (the employer). Will we need to gain consent from both individuals to use these messages?
I think it is also worth noting that these messages were sent on an encrypted messaging service similar to WhatsApp, on personal devices. We are concerned that the employee who did not provide the messages, may raise possible GDPR compliance issues around processing such data which is identifiable.
Any support on this matter would be greatly appreciated.
we (company) do business in the EU but do not have a need for an LSA.. can our company residing in the USA be considered the LSA?
I work for ***. Several years ago I purchased your organization's EU GDPR toolkit and used it to assist in preparing my organization for GDPR. As we are a UK firm, in a post-Brexit world we do fall under the UK data protection legislation. I am wondering if you have a similar package related to the UK law. That being said, I recognize the two laws (EU and UK) are quite similar, so perhaps your advice would be to use the same policies and procedures, but to simply reference the UK law in place of the EU law. Please let me know your thoughts when you get a chance.
My website consists only of one page which shows two buttons. One button is linked to my LinkedIn profile, the other one to my Xing profile (german version of LinkedIn). I am employed, not self-employed, and will not use any analytics such as Google Analytics.
I completed the online GDPR course last year but still have to do my exam. As the Office Manager of a biopharmaceutical company, I receive multiple CVs from jobseekers on a weekly basis. There is no ongoing or active recruitment process. These jobseekers just take a chance and send their CVs looking for a job. What is my obligation as the DPO of this company? What do I need to do with these CVs so that we remain compliant with GDPR? Any advice would be much appreciated.
Do we need seperate or indeed any privacy notices for forms filled out by staff. These forms are not processed by any 3rd party. they are internal only and are for the purpose for someone to fulfil their role. Like a form requesting permission to access a folder.
How can we overcome this situation? Do you know if we can still be GDPR compliant with this situation?
I wonder if I could act as DPO in a little company being Infrastructure & Security manager. This could be a position with conflict of interest. Even if DPO is not mandatory in such a little company.