EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 14001 Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • EU GDPR representative

    The client is a small company that is a staff of four or five. They are based in the US and provide neurologic brain testing for patients usually suffering from a stroke.  The tests are administered by a doctor or a health clinic.  Recently, there is a clinic in Italy that plans on using their software.  The number of patients, for the near future, may only be a few dozen.

    I have done some research but can't find an exact answer to these questions:

    1. Does the company need to have a formal EU Representative?

    2. Are there companies that provide EU Representation services?

    3. Does this representative need to keep the Record of Processing Activities?

    4. If there is one thing that must be focused on to be GDPR compliant, what would that be?

     

  • Joint controllers share of responsibilities in IoT

    I am interested in how to determine a share amount of responsibilities in IoT.
    Thank you in advance

  • GDPR Data Retention

    Hello, I am from the US. I found a link which referred me to a website that specializes in modding videogames. Without looking or reading up much on the site I signed up as I assumed I would be able to delete my account. I quickly found that I did not want to keep this account there. I emailed the administrator of the site for clarification on the policy, and they stated that they were legally obligated to retain my account for 7 years, and they then banned me from the site. I had emailed about the possibility of deletion, though I did not request it before they banned me. I did further research on this site and they stated vaguely that the GDPR requires them to maintain my account for 10 years, but they state 7 in the terms of service. They also referenced US Tax Laws and the Swiss Data Protection Act, but they referred to the GDPR as the law they had to follow regarding retention of my account. I did a few hours of searching but could not come up with anything that stated they had to retain this, which would prevent me from acting upon my right to delete the account. I was wondering if there was something I missed in my research regarding the retention period.

  • Collecting email addresses

    Afternoon, I run a company and we are trying to contact possible customers. Can I go on a website, contact us page, find the email address and email them directly some information about our company? I am looking into a mail chimp style of set up where they have they have the option to opt out and plan on sending newsletters, offers etc. Thank you for your time.

  • Ensuring proper resources are on board

    I just read the project plan for GDPR compliance.
    Sheet mitigation project risks mentions "ensuring proper resources are on board".
    Can you inform me which resources that are?

  • EU GDPR representative

    I am working with a small business (five people) and they have been asked to provide services to an Italian firm. I have been asked to explore what is required. The business is located in the US and is HIPAA compliant. I understand they need an EU representative. Is this accurate and can that be a person or a company? Thank you.

  • Toolkit content

    What documents of your Toolkit refer to the next issues:

    • Intragroup Data Transfer Agreement (IGDTA)
    • Technical and Organisational Measures (TOMS)
    • Newsletter Policy

  • Third party

    Please advise when third party disclose PII data only by visiting data processor premise and look at data at data processor premise noting that they don’t have remote access to this data , what is the nature of processing here and do we have to sign with them any agreement. And what is the case if they have remote access to this data
    Thank you

  • Fines issued in UK for non-compliance to GDRP

    Is there currently a list of organisations in UK who have been fined for non-compliance to GDPR and is this list available in the public domain?

  • 04.2 Personal Data Protection Policy Integrated

    I need help to understand the following.
    This is the first document I opened to start working on the GDPR. What do I have to fill in here
    2.    Reference Documents
    ·       EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council  of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
    [relevant national law or regulation for GDPR implementation [GDPR1]
    [other local laws and regulations [GDPR3]
    How do I know what law or regulation for GDPR I have to implement. This is something I hope to receive from you.
    Please advise?
Page 18 of 97 pages