EU GDPR - Expert Advice Community

  • DPIA for COVID-19 Remote Work Environment

    We are an existing customer with GDPR DPO Certification & GDPR/ISO 27000 Toolkit. Question: Is there any documentation on how to perform a DPIA for home workers during the COVID-19 pandemic?

  • GDPR applicability in the UK

    Does that mean that, since the UK is no longer under the EU, GDPR does not apply to them anymore?

  • Data protection and using WhatsApp

    I work for a mental health charity. My staff are now working from home. Can you give me any guidance on what I should be advising? Also is it safe for staff to communicate with clients via WhatsApp?

  • EU GDPR DPO Course - Retention Schedule - Module 4

    For a data retention schedule, is the presenter saying that the plan may include archival of data "in-line with specifications" or that, as an example, in line specifications may be archived. If so, can you define "in-line specifications"?

  • GDPR and the relation with CCPA

    I need some advice on how to manage both CCPA and GDPR.

  • Employment matter

    I am a Social Worker working in a local authority through a recruitment agency. When I got a pay increase my recruitment agency did not make me aware of this. Given that they refused to provide the evidence as to when my pay rate was increased, I requested access to records. My agency refused to provide this. I decided to change to a different agency. The middleman between my agency and the Local Authority I worked with said that they cannot allow me to change to another agency because my recruitment agency has not breached my employment right. I would like to know if the middleman is right or whether my recruitment agency has breached any law. Has my agency breached the right to access under GDPR?

  • Purpose of a company's Data Protection Policy

    Which of the following is the purpose of a company's Data Protection Policy?

    1. A Data Protection Policy allows the company to guide its employees on key aspects of GDPR that are applicable to the company.
    2. A Data Protection Policy allows the company to demonstrate transparency towards its clients.
    3. A Data Protection Policy allows the company to formulate data protection principles in line with the GDPR.
    4. All of the above.


    I picked the ‘first answer’ during the exam because, as stated in the course material practice exam p.64, ‘A Data Protection Policy is defined by the company to provide its employees with a relevant interpretation of GDPR in the context of the company’. The second answer, ‘demonstrate transparency towards its clients’, is incorrect because the Data Protection Policy is an internal document (course material p.62) and demonstrating transparency towards its clients is the purpose of the Privacy Notice (course material Module 3 p.17), not the Data Protection Policy. The third answer is somewhat correct according to course material p.62 but not totally, as the company is not formulating new principles in line with GDPR; it is applying already existing GDPR principles (requirements) to the company’s processing activities. But again, there wasn’t an option in the exam for me to pick 2 right answers.

    Could you please confirm the intent of this question? Or if it was a technical error on the exam question setup to pick more than 1 answer?

  • Legal basis and contracts

    Do I need to make consent forms if I'm working on a contractual legal basis?

  • Data deletion request

    I have a question regarding a data deletion request - once we delete all the data, do we need to inform the data subject that the deletion has been done? Is there an official form that we need to send the data subject? Or anything we should do or be aware of?

  • GDPR in software development and blockchain

    We are developing a mobile app where we scan documents, ask for data in forms and use blockchain.

    We want to make sure we comply with GDPR. Especially around:
    - data retention, is hashing data enough?
    - anonymized vs pseudonymized. Are we understanding it correctly?
    - data access by personnel. Is it OK that developers and database admins can see some of the data?
    - how to know when data is misused, mis-accessed, or breached
    - are we a data processor or controller?
