EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • EU GDPR representative

    I am working with a small business (five people) and they have been asked to provide services to an Italian firm. I have been asked to explore what is required. The business is located in the US and is HIPAA compliant. I understand they need an EU representative. Is this accurate and can that be a person or a company? Thank you.

  • Toolkit content

    What documents of your Toolkit refer to the next issues:

    • Intragroup Data Transfer Agreement (IGDTA)
    • Technical and Organisational Measures (TOMS)
    • Newsletter Policy
  • Third party

    Please advise when third party disclose PII data only by visiting data processor premise and look at data at data processor premise noting that they don’t have remote access to this data , what is the nature of processing here and do we have to sign with them any agreement. And what is the case if they have remote access to this data
    Thank you

  • Fines issued in UK for non-compliance to GDRP

    Is there currently a list of organisations in UK who have been fined for non-compliance to GDPR and is this list available in the public domain?

  • 04.2 Personal Data Protection Policy Integrated

    I need help to understand the following.
    This is the first document I opened to start working on the GDPR. What do I have to fill in here
    2.    Reference Documents
    ·       EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council  of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
    [relevant national law or regulation for GDPR implementation [GDPR1]
    [other local laws and regulations [GDPR3]
    How do I know what law or regulation for GDPR I have to implement. This is something I hope to receive from you.
    Please advise?

  • List of documentation required by the data processor

    What is the list of documentation required by the data processor?

  • Tinder Account Banned - removing my data

    Hi dear Sir/Madam
    My Tinder account is banned for a lifetime and I cannot access Tinder anymore but my IP, Apple ID, and other details are not deleted from the system .they claim that they use it to prevent me to open a new account again. When it was banned I tried to open and it is automatically banned because of my Apple ID. Even they kept my Credit card details. I asked them to delete it and they do not. I even want to talk with Apple that why they let to happen this.
    I want to learn is it legal they do?

  • Charitable organisations, non for profits, refugees.

    As you know there are lots of people leaving *** and they are considered as refugee, and there is help available as charity or no profit and they gathering data. As a group member I need to know about the use of gdpr in our situation.

  • GDPR Documentation and PII

    Please advise regarding the below:

    1. As per GDPR what should data controller and processor do when they obtain data subject PII from another individual other than the data subject such as his/her brother or sister or friend

    2. As per GDPR , what is the list of required documentation from data processor and data controller

  • Filling templates

    In document (10.3 Data Breach Notification Form to the Supervisory Authority) there is a reference to the supervisory authority address, could you please explain what we would enter here? 
    Would it be the DPA (Data Protection Authority) agency within the European Union country that is responsible for GDPR assistance and enforcement? Or the Information Commissioner's Office (ICO) in the UK's supervisory authority for the GDPR that is responsible for promoting and enforcing the legislation?

    We also have a question regarding document (10.1 section 11, Data breach response and notification procedure) it calls for us to provide “Call lists & substitution “ and “contact details”, would this be the persons withing our organization that are responsible for acting upon a data breach, “Indecent response team”? Do you have a template for these?

Page 10 of 89 pages