EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4140
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

366
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Certification ISO 14001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Recruitment

    I ask you to answer the following questions: 1. Do applicants have to submit a declaration of consent so that recruiters can process their data for the application process? This is a recruiter who does not hire applicants himself, but rather places what is known as direct placement with an employer. 2. Can the recruiter request a driver card and a copy of the driver's license from the applicant if he wants to refer him to a haulage company? The recruiter wants to check the validity of the documents. The recruiting process takes place exclusively online. The recruiter is the person responsible within the meaning of the GDPR. In the first step, he searches for applicants in his own name. This is a job for a professional driver and a direct placement. The applicant will be hired by the shipping company. How do you behave correctly as a recruiter in this case? 3. Recruiting takes place online only. The applicant would have to send the documents such as ADR license, driver card and driver's license by email. Is the following clause sufficient to process this applicant's data: "With this declaration I consent to the collection, storage and processing of personal data about me as part of my application process and being transmitted to potential employers?" Submit customers? Does this declaration of consent have to explicitly mention that the driver's license will be processed? It is a job advertisement for a professional driver. 4. Can the recruiter request a copy of the applicant's identity card? The recruiter needs the ID number and series in order to conclude an employment contract with the candidate. How should the recruiter behave GDPR-correctly in this case? The intermediary has no personal contact with the applicant. The applicant would have to send the data by email. 5. How should the recruiter behave if the applicant sends him an unsolicited copy of his ID or a copy of his driver's license by email? 6. Can the recruiter ask for the same candidate data as the employer? The recruiter does not hire the candidates himself. 7. The recruiter is looking for suitable candidates for more than 6 months. The application process takes longer than 6 months. When do the applicant data have to be deleted in this case? The job advertisement is z. B. online for 8 months. When does the 6 month deletion period for applicant data start counting? 8. How long do you have to keep the recruitment contract between the customer (the potential employer) according to the GDPR? 9. How long should I keep the employment contract between the candidate and the recruiter? This is not an employment contract. The placement is free of charge for the applicant. The recruiter receives the commission from the agent. 10. I observe with various recruiters that you immediately note in the job advertisement that the applicant should send his résumé including a copy of his driver's license and a copy of his driver's card. Is this allowed? The recruiter is not an employer in this case. 11. Can I ask for a photo of the applicant?

  • GDPR Compliance questions

    I got some questions about GDPR compliance. I would like to know how we can make our company compliant on the technical and organizational side. We use Microsoft Office and a Software As a Service (Saas) ERP named Odoo. How can we use these tools in a way to be GDPR compliant. On the technical side I suppose we can't do much. However on the organizational side I think we are supposed to make the difference. I was thinking about restrictions to some shares, create leaving and arriving procedures for collegues. What I am worrying about is how to manage client data. Would it be enough to leave them on our professional laptop or do they need to be on the share with limited access? If you need more information in order to understand my questions I will be happy to provide them.

  • What is considered personal data for survey company

    We are a company that performs in-depth surveys. 1. When we collect data on ethnicity (without collecting any other personal data), is this considered as personal data according to GDPR? 2. When we record session cookies, is this considered as personal data according to GDPR? 3. For some clients we do in-depth interviews, and we record either videos or images of the interviewees; we send those videos or images in aggregate form to the client (we send no other  personal data), and we do not keep track of which part of the video or which image displays which interviewee. If an interviewee wishes her personal data to be deleted, how is this to be executed on our client side if neither we nor they know which part of the video / which photo belongs to this interviewee?

  • Filling out documents in integrated toolkit

    We decided not to implement ISO27001 in the next 6 months, but we want to implement GDPR now. I need the separate toolkit for GDPR if it's possible. Thanks.

  • Recording speakers at events

    I hope you can assist me and that my previous purchases cover asking questions like this. I have a query for you about recording video, taking photographs and other media we record for events / webinars / podcasts etc. The question relates to capturing the presenters and speakers at the events using video / photographs. Do we need to ask for consent under GDPR to process this data? Or do we ask them to sign a release so they are giving us copyright for the recordings / images etc? If we ask them to sign a release from so we own copyright of the material, how will this affect their rights under GDPR? For example if they sign a release for a video and then later claim they want it deleted under GDPR – can they do this as we own copyright? Or is there some other way we should process this data under the GDPR without relying on consent?

  • Posts on discussion forum

    I just want to ask a brief question about GDPR. In our company, we organise a discussion forum. Are we obliged, under GDPR, to delete posts from that forum, if the author requires us to do so? Or is it ok if we just anonymise the post? Thanks a lot

  • Storing data on Google Suite/Drive

    We wondered if you could help us regarding the following. We would like to know:
    1. When collating our list of client emails when sending out a seasonal greeting (our annual Christmas email) we store the list on Google Suite/Drive, and also CETA - our facilities managing database. Is this permitted?

    2. I update an online excel sheet which tracks which clients attend for which jobs. This is also stored on G Suite and CETA. Is this permitted?

  • GDPR - Credit card details

    Can hotels store credit card details of customers?

  • Article 1÷

    My employer collects my salary and sends it over to a third party payroll company to organise, who then sends tax to the government tax office.

    I have just realised this is what was happening, I thought my company were dealing directly with the tax office.

    Should they have informed me that my data was going to this third party company who organise my salary and pay my taxes? Its been happening for three years.
Page 12 of 97 pages