EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Actors considered data subjects in media files?

    We process media files like series, movies etc for streaming service providers. In these movies you have a person (actor) and in the credits you can see the person's actual name so you can connect the picture to the actual person. Does this also make all films and series that we handle in our production fall under GDPR? Although this information is available on various streaming platforms and online etc.?

  • Joint Controllers

    Could you help me understand who is responsible for a data breach if there are more than one controller?

    Example Scenario:

    • Company A and B have a joint controller or data sharing agreement (controller to controller). User to provide similar customer services, CRM, email, billing etc.
    • Company A collects customer information and shares it with Company B.
    • Company B subsequently suffers a data breach exposing the shared data.

    Who is responsible for this breach Company A or B?

    If required who reports the breach to the customers/commissioner?

  • Appointing Data Controller

    "I provide some help to a Horizontal Drilling company in Ireland of around 25 personnel who carry out work for major construction and civil engineering companies in the UK mainland. I am looking at GDPR in the company and consider that they should appoint a Data Controller for GDPR compliance, am I right in my assumption? and if so will they require training considering this is small family company

  • Third Party Response

    Would appreciate your insight with regards to an entity that identifies people based upon a profile in LinkedIn. 

    What are the Privacy implications regarding accessing PII through third Party Platform.

    How would one go about confirming Data Subjects “Consent” pertaining to third party processing and archiving Data 

    Look forward to your valued response.

  • Could your toolkit be applied to public second-floor bank?

    the suggested package (EU GDPRr Documentation Toolkit) could it be applied to a public second-floor bank?


  • Data breach

    I have recently found out that due to a huge mistake with my tax submissions, my old employer had been sending to HMRC that they had issued my NI with 2 other colleagues, which now means I am paying a higher tax than I should. I am having difficulty both with my old employer and HMRC. Can this be seen as a Data Breach by my old employer? I am getting no help whatsoever with this and I am paying nearly £100 per week in tax because of this mistake!

  • Required documents

    Hello, I am starting a web hosting company as a reseller for a company that is renting its servers from Google and other cloud providers. The company has the ability to log in and see my customer's information if they wanted, but they have told me and promised that they would never do that.

    What documents will I need to write in order to be compliant with GDPR? I have heard about Data Processing Agreements, Privacy Policies, Cookie Policies, and many more, but I don't know which ones I will need.

    I am also wondering if I have to write the name of the company that I am a reseller of, I don't want my customers to know that I am a reseller. Is it for example possible to write that we are often changing providers and that the client should contact us to get the correct information? In that way, I would minimize the risk of them finding out.

  • Board/Forum registration

    1. If, we do not have to register to a board or forum, how does disputes of breaching being dealt with? To who do you report, except to the counterparty of the breach?
    2. If, we need to be compliant by the 27th December 2022; how will that be determined without being registered at a forum?

  • Data privacy

    What are our data security and privacy responsibilities when we use multiple providers to connect for user WEB experience? Data collected from those partners will be owned by those partners but we store to share it with other partners based on that experience? Are we a controller, processor, or joint controller? Maybe can provide any links which would help us to understand more

  • GDPR - which mailing is allowed?

    I would like to know how shocking I am when I send an email to a company (the one who represents the company)? The person writes me an email with the following content: "I ask you for information according to § 15 DSGVO in relation to my data processing. In particular, I ask you to inform me what legal basis you have for writing this e-mail to me."

    - I would like to be able to answer him, for sure. Can you help me?

Page 2 of 96 pages