Guest
Is there currently a list of organisations in UK who have been fined for non-compliance to GDPR and is this list available in the public domain?
I need help to understand the following.
This is the first document I opened to start working on the GDPR. What do I have to fill in here
2. Reference Documents
· EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
[relevant national law or regulation for GDPR implementation [GDPR1]
[other local laws and regulations [GDPR3]
How do I know what law or regulation for GDPR I have to implement. This is something I hope to receive from you.
Please advise?
What is the list of documentation required by the data processor?
As you know there are lots of people leaving *** and they are considered as refugee, and there is help available as charity or no profit and they gathering data. As a group member I need to know about the use of gdpr in our situation.
Please advise regarding the below:
1. As per GDPR what should data controller and processor do when they obtain data subject PII from another individual other than the data subject such as his/her brother or sister or friend
2. As per GDPR , what is the list of required documentation from data processor and data controller
In document (10.3 Data Breach Notification Form to the Supervisory Authority) there is a reference to the supervisory authority address, could you please explain what we would enter here?
Would it be the DPA (Data Protection Authority) agency within the European Union country that is responsible for GDPR assistance and enforcement? Or the Information Commissioner's Office (ICO) in the UK's supervisory authority for the GDPR that is responsible for promoting and enforcing the legislation?
We also have a question regarding document (10.1 section 11, Data breach response and notification procedure) it calls for us to provide “Call lists & substitution “ and “contact details”, would this be the persons withing our organization that are responsible for acting upon a data breach, “Indecent response team”? Do you have a template for these?
Can we process the data to a country that is not considered adequate under GDPR? If yes, please advise how to ensure that they are using the appropriate safeguards
We are a small tech company from the USA. Our company purchased the EU GDPR kit, and now we would like to appoint our DPO internally. If he takes your DPO training can we officially point him? or should we still contract an external DPO?
Is Jordan recognized as providing adequate protection (is it considered by GDPR)?