EU GDPR - Expert Advice Community




  • GDPR query

    1. We are a processor and have received a data subject access request via the controller for personal data that is bundled together with personal data from several different persons - how should we respond, because if we provide any information, we would reveal personal data from other data subjects as well?
    2. For a company based in the UK, should we register the name of our DPO with the ICO?

  • Sale of a small beauty salon

    I am selling a small beauty salon in the province of ***. I am wondering how, and whether, I can hand over the data in the management software to the new buyer; after all, she is paying me for the goodwill and expects the clients' numbers... thank you

  • Holding data

    Hi. I am brand new to a DPO role. How would it work if we hold data for customers outside of the UK, do we need to follow any GDPR guidelines for their country or as long as we have details in our Privacy this covers us?

  • Basic question on GDPR

    I have a few basic questions on GDPR

    1. Is there a version in GDPR? (e.g. 9001:2015, 27001:2013 etc. standards)
    2. If yes, what is the duration in which we get a new version?
    3. Will there be significant changes from the older version?
    4. Do we have to study & remember all the chapters 1 to 11 (99 Articles) explained in GDPR?
    5. What do we have to study, to pass CIPM certifications?

  • Transfer of personal data under GDPR

    Hello, our company processes customers' personal data for the Client. We are providing consulting services for the customers, including consulting on air transportation issues. If a particular customer asks to transfer his/her personal data to a third party service provider which deals with these issues to assess the possibility of entering into a contract with such customer, this third party service provider would be a controller under GDPR before it enters into a contract with a customer? Or he would be in some different role? Thanks.

  • GDPR Checkpoints in ISO 27001 Audit Checklist

    I purchased the ISO 27001 Audit Checklist and want to know which points / clauses in it are applicable as check point for GDPR.

  • Is consent obligatory for our products?

    1. Do we have to use consent for our product, or can we use legitimate interest as the basis for our processing?

    2. If we use consent, are we allowed to deny the user the use of our service if they do not consent?

    For some background, our product is an IoT device which communicates with our web servers hosted on GCP, to store user emails and device sensor data in order to send out email alerts and provide sensor data visualizations. It also allows user control over the unit.

  • Transfer mechanisms

    When speaking about international organizations: if transferring personal data to the US what transfer mechanisms should be in place. Can you give an example?

  • Potential Customers list (Names and Mail addresses etc.)

    Good morning, I'm working in a small office (3 persons) and I'd like to ask you whether it is ok if I do a list of potential customers (B2B) with names of CEO, Head of department and mail addresses and so on? Thank you very much in advance.

  • Recruitment

    I ask you to answer the following questions:

    1. Do applicants have to submit a declaration of consent so that recruiters can process their data for the application process? This is a recruiter who does not hire applicants himself, but rather places what is known as direct placement with an employer.

    2. Can the recruiter request a driver card and a copy of the driver's license from the applicant if he wants to refer him to a haulage company? The recruiter wants to check the validity of the documents. The recruiting process takes place exclusively online.
    The recruiter is the person responsible within the meaning of the GDPR. In the first step, he searches for applicants in his own name. This is a job for a professional driver and a direct placement. The applicant will be hired by the shipping company. How do you behave correctly as a recruiter in this case?

    3. Recruiting takes place online only. The applicant would have to send the documents such as ADR license, driver card and driver's license by email. Is the following clause sufficient to process this applicant's data: "With this declaration I consent to the collection, storage and processing of personal data about me as part of my application process and being transmitted to potential employers?" Submit customers? Does this declaration of consent have to explicitly mention that the driver's license will be processed? It is a job advertisement for a professional driver.

    4. Can the recruiter request a copy of the applicant's identity card? The recruiter needs the ID number and series in order to conclude an employment contract with the candidate. How should the recruiter behave GDPR-correctly in this case? The intermediary has no personal contact with the applicant. The applicant would have to send the data by email.

    5. How should the recruiter behave if the applicant sends him an unsolicited copy of his ID or a copy of his driver's license by email?

    6. Can the recruiter ask for the same candidate data as the employer? The recruiter does not hire the candidates himself.

    7. The recruiter is looking for suitable candidates for more than 6 months. The application process takes longer than 6 months. When do the applicant data have to be deleted in this case? The job advertisement is e.g. online for 8 months. When does the 6 month deletion period for applicant data start counting?

    8. How long do you have to keep the recruitment contract between the customer (the potential employer) according to the GDPR?

    9. How long should I keep the employment contract between the candidate and the recruiter? This is not an employment contract. The placement is free of charge for the applicant. The recruiter receives the commission from the agent.

    10. I observe with various recruiters that you immediately note in the job advertisement that the applicant should send his résumé including a copy of his driver's license and a copy of his driver's card. Is this allowed? The recruiter is not an employer in this case.

    11. Can I ask for a photo of the applicant?
