EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • GDPR Compliance questions

    I got some questions about GDPR compliance. I would like to know how we can make our company compliant on the technical and organizational side. We use Microsoft Office and a Software As a Service (Saas) ERP named Odoo. How can we use these tools in a way to be GDPR compliant. On the technical side I suppose we can't do much. However on the organizational side I think we are supposed to make the difference. I was thinking about restrictions to some shares, create leaving and arriving procedures for collegues. What I am worrying about is how to manage client data. Would it be enough to leave them on our professional laptop or do they need to be on the share with limited access? If you need more information in order to understand my questions I will be happy to provide them.
  • What is considered personal data for survey company

    We are a company that performs in-depth surveys. 1. When we collect data on ethnicity (without collecting any other personal data), is this considered as personal data according to GDPR? 2. When we record session cookies, is this considered as personal data according to GDPR? 3. For some clients we do in-depth interviews, and we record either videos or images of the interviewees; we send those videos or images in aggregate form to the client (we send no other  personal data), and we do not keep track of which part of the video or which image displays which interviewee. If an interviewee wishes her personal data to be deleted, how is this to be executed on our client side if neither we nor they know which part of the video / which photo belongs to this interviewee?
  • Remote Working and Accessing EU data from outside the EU

    We are a EU based company and could have an employee based outside the EU who would be remote working. They would be accessing their PC within the office enviroment by remote desktop connection and accessing client Databases/CRM's that contain data on EU residents. The clients would be the Controllers of the data and we would be the processor. Would this be classified as a transfer to a third country? If so what measures would we need to put in place?
  • Filling out documents in integrated toolkit

    We decided not to implement ISO27001 in the next 6 months, but we want to implement GDPR now. I need the separate toolkit for GDPR if it's possible. Thanks.
  • Recording speakers at events

    I hope you can assist me and that my previous purchases cover asking questions like this. I have a query for you about recording video, taking photographs and other media we record for events / webinars / podcasts etc. The question relates to capturing the presenters and speakers at the events using video / photographs. Do we need to ask for consent under GDPR to process this data? Or do we ask them to sign a release so they are giving us copyright for the recordings / images etc? If we ask them to sign a release from so we own copyright of the material, how will this affect their rights under GDPR? For example if they sign a release for a video and then later claim they want it deleted under GDPR – can they do this as we own copyright? Or is there some other way we should process this data under the GDPR without relying on consent?
  • Posts on discussion forum

    I just want to ask a brief question about GDPR. In our company, we organise a discussion forum. Are we obliged, under GDPR, to delete posts from that forum, if the author requires us to do so? Or is it ok if we just anonymise the post? Thanks a lot
  • Storing data on Google Suite/Drive

    We wondered if you could help us regarding the following. We would like to know:
    1. When collating our list of client emails when sending out a seasonal greeting (our annual Christmas email) we store the list on Google Suite/Drive, and also CETA - our facilities managing database. Is this permitted?

    2. I update an online excel sheet which tracks which clients attend for which jobs. This is also stored on G Suite and CETA. Is this permitted?

  • GDPR - Credit card details

    Can hotels store credit card details of customers?

  • Article 1÷

    My employer collects my salary and sends it over to a third party payroll company to organise, who then sends tax to the government tax office.

    I have just realised this is what was happening, I thought my company were dealing directly with the tax office.

    Should they have informed me that my data was going to this third party company who organise my salary and pay my taxes? Its been happening for three years.

  • Text source about obligation to have IT Security Structure in place on premises

    I work as a freelance within Human Resources for a pharmaceutical SME company in ***, which belongs to an international group. We have strong co-determination rights regarding the works council.
    Members of the international headquarters want to know in which chapter of the GDPR it is written down, that a company, i.e. in ***, who has servers on its premises with various software programmes that process personnel data, must have a IT Security Structure: i.e. who has access to the servers' room, which security measures have been taken in case of fire or other emergency incidents, etc.
    Thanks a lot for a link or some further information

Page 10 of 96 pages