EU GDPR - Expert Advice Community

Work from home auditing

If you would answer my question, please, referring to Teleworking and Mobile policies in ISO27001 document toolkit, how would you audit work from home considering their privacy?

Data privacy question

I have participated your webinar on Data privacy and I have one question. Your statement was that combinig the roles of CISO and DPO within the same person, represents conflict of interest.
Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?

Controller and Processor

If a company provide chatbot software to its clients and its clients need to collect EU data, is this company considered a controller or processor 

Data subject Rights

Dears, 

Please advise regarding the below 

How data subject rights regarding rectification can be applied on calls recording (voice record). How voice record could be rectified

Thanks and Regards,                                                                                                               Wasima Rajab  

GDPR in Sweden

1. How is GDPR implementation in Sweden different from Germany? We do not all differences. Our focus is the field of customer journey.
2. Which client data are publicly available in Sweden but not in Germany?
3. Which data can be tracked, e.g. client behavior, websurfing habits etc.?
4. Are there differences in cookie policy?

Sub-processor

Dears, 

Is article 28(3) applies to service provider who provide internet line services and providers who provide voice over IP services 

Thanks and Regards, 

Wasima Rajab 

Data protection by design

data protection by design is it required by the processor ? 

Thanks and Regards, 

Wasima Rajab 

Email Verification

I work in a company. We have multiple customers signed up on our websites. Currently, we do not perform email verification of customer Sign-ups. I wanted to check whether this will be a GDPR concern. Does GDPR mandate us to do email verification during sign ups?

I came across one issue where a user could use the email id of any other random person. Our marketing team may reach out to the email with marketing emails. This can be an concern wherein the actual email id user raises an issue that he/she has not signed on our website

GDPR scope

Please advise as a call center , if a non-european company established in a non-european country receives minimal volume of calls ( european citizins PII from europe) noting that its main services are not meant to serve eaurop and the phone number is not a european number. should this company follow GDPR or not 

Thanks and Regards 

Actors considered data subjects in media files?

We process media files like series, movies etc for streaming service providers. In these movies you have a person (actor) and in the credits you can see the person's actual name so you can connect the picture to the actual person. Does this also make all films and series that we handle in our production fall under GDPR? Although this information is available on various streaming platforms and online etc.?