I am new to the GDPR field and I would ask for your help understanding better.
How can an authority in the EU fine a company in India or another country outside the EU?
Do you have some materials to help me understand how to start a GDPR program?
Do you have some materials that I could present to the management of the company to make them aware of the GDPR?
If we have access to data of EU users do we need to do anything special? We usually get data from EU companies and we do data cleaning removing duplicates.
We also receive some personal data from our clients' employees when they enter tickets. Is there something specific to consider?
How much time do we need to keep the personal data?
Are some specific security measures to be deployed?
Can you recommend a site to get GDPR updates?
Also, we received a request from a client to present out Records of Processing Activities. What are these? Do we need to have them?
Does EU GDPR mandate a company to maintain both privacy notice and internal-facing privacy policy?
Please help me with the following:
1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?
2. In the Data Retention Policy - are the retention periods defined within this document?
3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?
4. What is the maximum amount of time to respond to data subject requests?
I was wondering if you could help me with some GDPR related questions:
1. How does an organization establish if it needs a DPO or no?
2. Does the DPO need to be an employee or it can be outsourced as well?
3. What would be the position of the DPO in the company organizational chart?
4. What would be the job description applicable to the DPO?
5. Is there any easy way to establish the duration of a GDPR compliance project?
6. What is the difference between a DPIA and a PIA?
7. When one needs to perform a DPIA?
8. Are there any specific requirements in terms of encryption?
Please help me with the following:
1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?
2. In the Data Retention Policy - are the retention periods defined within this document?
3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?
4. What is the maximum amount of time to respond to data subject requests?
I did have a question about GDPR and was wondering if there is merit in it.
By definition, you have clarified personal data as information related to an identifiable or identified natural person. My question is whether the same GDPR rules would apply to derived or interpreted personal data for a data subject? I don't know if this is a correct example, but let us say the sharing of an EMI value of a data subject.
Dear experts
There are some issues regarding GDPR that I would appreciate your help with.
1. Does every company need to have an Inventory of processing activities?
2. How about a DPO?
3. How does the GDPR apply to companies outside Europe?
4. What is the biggest fine so far?
5. Which would be the best way to present to the management the need to implement GDPR?
6. How much time would it take a small company?
Thanks
1.What documents in the EU GDPR Premium Documentation Toolkit toolkit are mandatory?
2.Usually how many DPIA does a medium size company need to perform?
3.Can an employer ask consent from employees for sending their data outside the EU ?
4.Is ISO27001 enough in terms of security measures?
5.When does a company outside EU need to appoint a representative?
6.Is it a specific formality?
I want to know what is an everyday work of a DPO.
