EU GDPR - Expert Advice Community

Do we need VPN to comply with GDPR?

From your experience in order to be compliant with GDRP do we need to have VPN for all employees.

Or is that to be ISO 270001  compliant?

Business Continuity Plan and GDPR

If we want to comply with the GDPR,

is it mandatory that we come up with a Business Continuity Strategy/Plan?

Or will a Disaster Recovery Plan be sufficient? Which we are writing for ISO 27001 anyway.

Consultants considered processors?

We have a couple of consultants at our company, most of them working full time. Some of them are hired through a consultacy firm and some of them are self employed. The consultants work according to our policies and processes as any other employee. Some of them work from home and some of them work mainly in the office. Would you consider these cosultants (or the consultancy firm) to be a data processor? I would say that they are not but we have different opinions at my company so just seeking advise. 

TIA/TRA assessment tools

We have your EU GDPR toolkit (adapting it for the UK etc). 

I wondered if you knew of any tools for carrying out TIAs/TRAs? I have seen a brief video of the Taylor Wessing system but wondered if there were any others. The ICO also have a tool but I’m really looking for something where the assessment of each countries DP laws etc has already been done, at least generally, so that we don’t have to do it each time

Questions on Retention Policies

1. I had a question / needed advice. We bought your toolkit in 2022. We are a marketing research company that collects data for surveys. We support Quant and Qual research. I was wondering if you could share your views on the two questions below.
Is there a recommendation for Retention Policies. Would 5 years be too much?

2. For Qual In depth interviews where we have video recordings. For anonymization – would it suffice to blur out the faces or do we  HAVE to also distort the voices as well?

Adapting GDPR material to South African context

GDPR is equivalent to POPIA in South Africa. How can I adapt GDPR material to the South African context?

Work from home auditing

If you would answer my question, please, referring to Teleworking and Mobile policies in ISO27001 document toolkit, how would you audit work from home considering their privacy?

Data privacy question

I have participated your webinar on Data privacy and I have one question. Your statement was that combinig the roles of CISO and DPO within the same person, represents conflict of interest.
Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?

Controller and Processor

If a company provide chatbot software to its clients and its clients need to collect EU data, is this company considered a controller or processor 

Data subject Rights

Dears, 

Please advise regarding the below 

How data subject rights regarding rectification can be applied on calls recording (voice record). How voice record could be rectified

Thanks and Regards,                                                                                                               Wasima Rajab