Take the ISO 27001 course exam and get the
EU GDPR exam for free

EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Is link to LinkedIn private use ?

    I understand that a website does not need to have a privacy policy if it is not commercial and only for private use. I would like to verify that my website meets this criteria. My website consists only of one page which shows two buttons. One button is linked to my LinkedIn profile, the other one to my Xing profile (german version of LinkedIn). I am employed, not self-employed, and will not use any analytics such as Google Analytics.   Does my website need a privacy profile? I prefer not to have a privacy policy on my website because I do not wish to share my address on the internet.
  • Application of GDPR to emailed CVs

    Good day, I completed the online GDPR course last year but still have to do my exam. As the Office Manager of a biopharmaceutical company, I receive multiple CVs from jobseekers on a weekly basis. There is no ongoing or active recruitment process. These jobseekers just take a chance and send their CVs looking for a job. What is my obligation as the DPO of this company? What do I need to do with these CVs so that we remain compliant with GDPR? Any advice would be much appreciated.
  • Privacy Notices

    Do we need seperate or indeed any privacy notices for forms filled out by staff. These forms are not processed by any 3rd party. they are internal only and are for the purpose for someone to fulfil their role. Like a form requesting permission to access a folder.
  • Can company share their employee personal data?

    I need to ask a question because I was not able to find one of the situation which makes me confused about GDPR. Company which have become our customer and bought service from us do share via email his employees personal data (name, last name and email) so we can create access for them on our portal. When they access portal, they will be asked to accept privacy policy and give consent (GDPR stuff)... is that ok from law side, to have personal information of company employees and after they login for the first time to accept policy? Also what will happen if some of the users never login, or don`t login for a long period and we made account for them, but user haven`t accepted privacy policy and gave consent to us?

    How can we overcome this situation? Do you know if we can still be GDPR compliant with this situation?

  • Acting as DPO

    I wonder if I could act as DPO in a little company being Infrastructure & Security manager. This could be a position with conflict of interest. Even if DPO is not mandatory in such a little company.
  • Cancellazione dati positivi in corso presenti nelle banche dati sic (crif. ctc. experian)

    Salve, è possibile cancellare in banche dati sic (crif, ctc ed experian) dati positivi in corso?? (cioè finanziamenti in corso positivi).
  • Applicability of employee data

    If we don’t have any employees in any of the GDPR geographies, then employee data isn’t applicable when completing the GDPR documentation. Is that correct?
  • Complying with EU GDPR

    My company is based in UAE however we provide our services Internationally which means we have to comply with the GDPR rules and regulations and one of them is to have a GDPR officer, is it compulsory to have EU - GDPR Office & representative in Europe?
  • DPIA’s and Clients' data

    I have a question around DPIA’s and our Clients data As a security Monitoring company providing SOC-as-a-service, we are a ‘processor’ to our clients, and we monitor their networks/systems under contractual obligation. Would we be required to carry out DPIA’s on our Client Data as a processor as well as our own data as a controller? From what I understand we would carry out a DPIA on their data if they request that we do so. Is this correct? If this is not clear or you need more information, feel free to let me know.
  • Complying with GDPR

    I have a question regarding GDPR. We would like to share specific information with registered members that belong to research/education institutions. When the user registers he would give information about institution where he works. Can we comply with GDPR if we wanted to check whether this person works at the institution as he stated (via this possibility would be explaied in privacy policy before registration).
Page 10 of 97 pages