In terms of appointing a LSA - what if the company (UK based) primarily delivered digital services online and didn't deal with any specific EU country; would it be acceptable to appoint an LSA of any EU country (as there is no physical base outside the UK)?
1. Binding Corporate rules - are these the only way to transfer data from inside the EU to outside the EU (to UK and EU)
2. Which EU region has the toughest interpretation of GDPR?
For a small company which can not afford a DPO, how would you advise to implement all the GDPR rules?
24/7/2018 the income tax department of *** has entered my company's bank account without any prior notice or our consent and withheld a specific amount of money for taxes owned for almost 3 years. 4/9/2020 this amount was taken again out of my company's account without any consent or prior notice. To date we do not know despite our querries in all tax offices, where did this amont go! Pls note this case was never tried and there is no court order either.
can you please advice if what the tax department has done is ellegal pertaining to the gdpr directive issued 2018.
1. A software development company has developed a software solution where personal data is collected and processed in the cloud - during a pilot period a telecom company is offering this solution to their end clients, however the Terms & Conditions of the software development company are displayed in the application. The question is - what are the telecom company and software development company - controllers, joint-controllers, or something else?
2. Same relationship between software development company and a telecom company like in the first question, only this is not a pilot period any more, and Terms & Conditions are displayed from the telecom company (i.e. the software development company is not visible any more to the end clients) - again the same question - who has which role?
3. If a software solution includes monitoring of movement of elderly persons in their homes for the purpose of medical care, would this require consent from the monitored (elderly) persons since they would not operate the software? The software would be operated by medical professionals. What would be the most practical solution for the consent in this situation?
I thought Privacy Shield was deemed illegal by the European Court of Justice?
We're a small company that want to ensure we are gdpr compliant. Are we required to have a data protection policy within our contracts, or is a privacy policy on our website enough?
Firstly, I want to thank you so much for providing such help. It is really valuable.
I would like to ask you about the following.
Current situation:
I have a mobile application (Notes & todo lists) running on Android that stores & processes data.
- This data could be personal or personally identifiable.
- The app stores the data on the user's device in the app folder that is accessible by the user only.
- We do not collect or store any data in the cloud.
- The app also has google ads. Users are informed and have to give consent before using the app
- There is no requirement for sign up or requests for email, name, passwords, financial information etc.
- Data stored (because it is a notes app) can be personal interests, schedules, names, numbers etc.
What I would like to know:
Considering the app above:
1. If I do not encrypt the data stored in the device am I in breach of GDPR?
2. Do I need to appoint an EU Data Protection representative?
3. Does the GDPR really apply to this application since there is no collection of data and only the user has access to it?
Thank you so much for your help.
Hi, Not sure if anyone can help me with this but I'm doing some preliminary research into the use of Google Suite for Education. Personal data produced by each student is stored on the Google cloud. If these storage facitlies are in a different country outside the EU would GDPR still apply? Also by gaining parental consent for use of the suite, could the stored data be used for internal 'product development'? - and is this unlawful under GDPR? Thanks for any help
I would like to ask a question about how yo log the data when. customers accept the necessary legal documents regarding GDPR?
