EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Implementing GDPR rules in company without DPO

    For a small company which can not afford a DPO, how would you advise to implement all the GDPR rules?

  • Violation of personal data

    24/7/2018 the income tax department of *** has entered my company's bank account without any prior notice or our consent and withheld a specific amount of money for taxes owned for almost 3 years. 4/9/2020 this amount was taken again out of my company's account without any consent or prior notice. To date we do not know despite our querries in all tax offices, where did this amont go! Pls note this case was never tried and there is no court order either.
    can you please advice if what the tax department has done is ellegal pertaining to the gdpr directive issued 2018.

  • EU GDPR questions

    1. A software development company has developed a software solution where personal data is collected and processed in the cloud - during a pilot period a telecom company is offering this solution to their end clients, however the Terms & Conditions of the software development company are displayed in the application. The question is - what are the telecom company and software development company - controllers, joint-controllers, or something else?

    2. Same relationship between software development company and a telecom company like in the first question, only this is not a pilot period any more, and Terms & Conditions are displayed from the telecom company (i.e. the software development company is not visible any more to the end clients) - again the same question - who has which role?
    3. If a software solution includes monitoring of movement of elderly persons in their homes for the purpose of medical care, would this require consent from the monitored (elderly) persons since they would not operate the software? The software would be operated by medical professionals. What would be the most practical solution for the consent in this situation?

  • Is Privacy Shield deemed illegal by European Court of Justice?

    I thought Privacy Shield was deemed illegal by the European Court of Justice? 


  • Data Protection for clients

    We're a small company that want to ensure we are gdpr compliant. Are we required to have a data protection policy within our contracts, or is a privacy policy on our website enough?

  • Mobile app GDPR compliance

    Firstly, I want to thank you so much for providing such help. It is really valuable.

    I would like to ask you about the following.

    Current situation:

    I have a mobile application (Notes & todo lists) running on Android that stores & processes data.
    - This data could be personal or personally identifiable.
    - The app stores the data on the user's device in the app folder that is accessible by the user only.
    - We do not collect or store any data in the cloud.
    - The app also has google ads. Users are informed and have to give consent before using the app
    - There is no requirement for sign up or requests for email, name, passwords, financial information etc.
    - Data stored (because it is a notes app) can be personal interests, schedules, names, numbers etc.

    What I would like to know:

    Considering the app above:
    1. If I do not encrypt the data stored in the device am I in breach of GDPR?
    2. Do I need to appoint an EU Data Protection representative?
    3. Does the GDPR really apply to this application since there is no collection of data and only the user has access to it?

    Thank you so much for your help.

  • Data Storage

    Hi, Not sure if anyone can help me with this but I'm doing some preliminary research into the use of Google Suite for Education. Personal data produced by each student is stored on the Google cloud. If these storage facitlies are in a different country outside the EU would GDPR still apply?  Also by gaining parental consent for use of the suite, could the stored data be used for internal  'product development'? - and is this unlawful under GDPR? Thanks for any help 

  • Legal Document Acceptance Log

    I would like to ask a question about how yo log the data when. customers accept the necessary legal documents regarding GDPR?

  • The UK and GDPR commitments.

    I am just looking further into our companies GDPR requirements and want to understand precisely what it is we need to be doing to ensure we are fully compliant throughout our business locations. Now that the UK are are no longer a member of the EU, I also need to know what impact that has on our compliance needs.

    Can you provide any clarity?

  • EU-US Privacy Shield

    Is the EU-US Privacy Shield GDPR compliant?

Page 16 of 97 pages