EU GDPR - Expert Advice Community

Controller and Processor

If a company provide chatbot software to its clients and its clients need to collect EU data, is this company considered a controller or processor 

Data subject Rights

Dears, 

Please advise regarding the below 

How data subject rights regarding rectification can be applied on calls recording (voice record). How voice record could be rectified

Thanks and Regards,                                                                                                               Wasima Rajab  

GDPR in Sweden

1. How is GDPR implementation in Sweden different from Germany? We do not all differences. Our focus is the field of customer journey.
2. Which client data are publicly available in Sweden but not in Germany?
3. Which data can be tracked, e.g. client behavior, websurfing habits etc.?
4. Are there differences in cookie policy?

Sub-processor

Dears, 

Is article 28(3) applies to service provider who provide internet line services and providers who provide voice over IP services 

Thanks and Regards, 

Wasima Rajab 

Data protection by design

data protection by design is it required by the processor ? 

Thanks and Regards, 

Wasima Rajab 

Email Verification

I work in a company. We have multiple customers signed up on our websites. Currently, we do not perform email verification of customer Sign-ups. I wanted to check whether this will be a GDPR concern. Does GDPR mandate us to do email verification during sign ups?

I came across one issue where a user could use the email id of any other random person. Our marketing team may reach out to the email with marketing emails. This can be an concern wherein the actual email id user raises an issue that he/she has not signed on our website

GDPR scope

Please advise as a call center , if a non-european company established in a non-european country receives minimal volume of calls ( european citizins PII from europe) noting that its main services are not meant to serve eaurop and the phone number is not a european number. should this company follow GDPR or not 

Thanks and Regards 

Actors considered data subjects in media files?

We process media files like series, movies etc for streaming service providers. In these movies you have a person (actor) and in the credits you can see the person's actual name so you can connect the picture to the actual person. Does this also make all films and series that we handle in our production fall under GDPR? Although this information is available on various streaming platforms and online etc.?

Joint Controllers

Could you help me understand who is responsible for a data breach if there are more than one controller?

Example Scenario:

• Company A and B have a joint controller or data sharing agreement (controller to controller). User to provide similar customer services, CRM, email, billing etc.
• Company A collects customer information and shares it with Company B.
• Company B subsequently suffers a data breach exposing the shared data.
  
  

Who is responsible for this breach Company A or B?

If required who reports the breach to the customers/commissioner?

Appointing Data Controller

"I provide some help to a Horizontal Drilling company in Ireland of around 25 personnel who carry out work for major construction and civil engineering companies in the UK mainland. I am looking at GDPR in the company and consider that they should appoint a Data Controller for GDPR compliance, am I right in my assumption? and if so will they require training considering this is small family company