EU GDPR - Expert Advice Community




  • Can I save my customers' information and email them about the event they purchased a ticket for?

    I am selling tickets to my online event. Can I save my customers' information in my CRM and email them about the event they purchased a ticket for?

  • Email won't respond unless I give certain info in order to be GDPR-compliant - is this GDPR-relevant?

    I sent an email to my company's HR about some issues, who said they wish to know who I am (i.e., whether I am an employee, customer, relation to an employee etc.) in order to keep their response GDPR compliant. Is this in any way GDPR-relevant, and would it not risk being less compliant by asking for more personal detail where it is most likely irrelevant to do so?

  • Confirmation for Erasure of Data

    I did get the file and extracted it.

    It has the additional files you mentioned, but there is not one for Data erasure requests, only the confirmation of erasure. My question for you is, what should we use to confirm that someone has asked us to delete their data?

    Should we use a combination of :



  • Possible GDPR breach

    I asked a member of my voluntary organisation to email me her complaint about the conduct of other members of the organisation. She then sent me a file which contained potentially libellous allegations against a non-member. I forwarded the file to another officer to be considered. In the meantime, the complainant has circulated that file without authorisation to other members of our organisation. Is the organisation or myself in breach of GDPR security, although I have only circulated the file to one other officer, whose advice was that we are not competent to consider the case of the person named in the file in connection with criminal misconduct (without any supportive evidence). Or is it only the complainant who may be guilty of a breach, for circulating her own personal and original copy of the file to others?

  • EU GDPR representative

    The client is a small company that has a staff of four or five. They are based in the US and provide neurologic brain testing for patients usually suffering from a stroke. The tests are administered by a doctor or a health clinic. Recently, there is a clinic in Italy that plans on using their software. The number of patients, for the near future, may only be a few dozen.

    I have done some research but can't find an exact answer to these questions:

    1. Does the company need to have a formal EU Representative?

    2. Are there companies that provide EU Representation services?

    3. Does this representative need to keep the Record of Processing Activities?

    4. If there is one thing that must be focused on to be GDPR compliant, what would that be?


  • Joint controllers share of responsibilities in IoT

    I am interested in how to determine a share amount of responsibilities in IoT.
    Thank you in advance

  • GDPR Data Retention

    Hello, I am from the US. I found a link which referred me to a website that specializes in modding videogames. Without looking or reading up much on the site I signed up as I assumed I would be able to delete my account. I quickly found that I did not want to keep this account there. I emailed the administrator of the site for clarification on the policy, and they stated that they were legally obligated to retain my account for 7 years, and they then banned me from the site. I had emailed about the possibility of deletion, though I did not request it before they banned me. I did further research on this site and they stated vaguely that the GDPR requires them to maintain my account for 10 years, but they state 7 in the terms of service. They also referenced US Tax Laws and the Swiss Data Protection Act, but they referred to the GDPR as the law they had to follow regarding retention of my account. I did a few hours of searching but could not come up with anything that stated they had to retain this, which would prevent me from acting upon my right to delete the account. I was wondering if there was something I missed in my research regarding the retention period.

  • Collecting email addresses

    Afternoon, I run a company and we are trying to contact possible customers. Can I go on a website, contact us page, find the email address and email them directly some information about our company? I am looking into a Mailchimp style of setup where they have the option to opt out and plan on sending newsletters, offers etc. Thank you for your time.

  • Ensuring proper resources are on board

    I just read the project plan for GDPR compliance.
    Sheet mitigation project risks mentions "ensuring proper resources are on board".
    Can you inform me which resources those are?

  • EU GDPR representative

    I am working with a small business (five people) and they have been asked to provide services to an Italian firm. I have been asked to explore what is required. The business is located in the US and is HIPAA compliant. I understand they need an EU representative. Is this accurate and can that be a person or a company? Thank you.
