EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Transfer to controllers or Processors - which one to use?

    We are the software developing company and wanted to fill out the SCCA
    Which one do we need to use? Transfer to controllers or Processors? We would be transferring the information to our contractor software company in India from the USA

  • Implementing EU GDPR in a small company

    1. How can a small (1-2 person) company correctly implement the GDPR?

    2. Also, what tools are available for a Marketing agency to provide its clients with GDPR implementation?

  • Appointing the manager of the institution's website

    Salve, Il dirigente scolastico ha l'obbligo di nominare il gestore del sito web dell'istituto (azienda esterna), responsabile per il tratamento dati ? Segnalo che il sito web non memorizza informazioni, non vi sono form, tratta i classici cookies e l'albo pretorio, quest'ultimo contiene informazioni di carattere pubblico. Grazie!!!

  • What should I do to be compliant?

    I haven’t contacted you for a long time. I’m very happy to complete the basic framework of the company’s GPDR in 2019 with your help, but now there is a problem, as you know, that is: "On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission's Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield”.

    Our current situation is:

    We are always certified under EU-US privacy shield so we declare on our website that it complies with GDPR, but it is invalid now..In this case, what should I do to be compliant, in addition, we have no office in EU, just between China and USA we use standard clauses to do transfer between China and USA .

  • Physical hosting in EU data centers for products and processing

    I am not sure you can help me with this but I will ask.  Are we required to physically host in the EU data centers for our products and processing or can we host in the US if we follow all of the GDPR rules and cross border transfer guidance.  If this is not the type of question I can ask, I totally understand and will pursue other avenues for guidance.  Thanks again for your help and great product.  Let me know if you have any questions or concerns.

  • GDPR Implementation Inquiry

    We have an inquiry regarding the GDPR implementation , we are a software company that develops a software solutions to  a customer X at Europe ; the  software solutions are carrying personal information for X’s employees so we are a processor.

    Internal systems developed and maintained by my company  for other customers that have EU citizen employees should be GDPR compliant and in this case it should be secure by design and data should be secured at rest considering there is no agreement between the client and ourselves for applying GDPR requirements on the system ..please confirm?

    Regarding personal rights, are these rights applied on employees as they are EU citizens in the way that is compliant with business rules and data retention policies, for example if the employee left the company and wants his data to be deleted, in this case the company should reply within 1 month that according to the business needs and regulations, his data will be retained for 5 years for example and after these 5 years ha may ask for a data deletion confirmation, is that right? We need to know what are the employee rights here and what to be applied at our systems?

  • Privacy Shield being invalidated

    Hi there - I'm *** from ***, a US-based company that acts as a data processor. We used your excellent GDPR toolkit to be compliant when GDPR first came out (May 2018). Recently, as I'm sure you know, Privacy Shield was invalidated. What advice can you provide on how to retain GDPR compliance going forward?

  • Does GDPR applies just for European people?

    "I have a doubt, in the company which I work, we have clients of LATAM and all of their employees aren´t European people but our hosting is in Spain. If I understand very well GDPR applies just for European people, this is right?

  • Key technical security safeguards

    What are the key technical security safeguards that are mandatory to achieve compliance?

  • Compliance check: Controller with no establishment and/or representative in EEA - Data and processing happens within EEA

    Our company established in Australia is planning to run a global online classifieds website. We will also be servicing to data subjects in EEA in addition to data subjects outside EEA.

    We have no representatives or establishments in EEA. The data will be stored in Ireland and all of our servers will be in Ireland. We use a cloud hosting provider. We will never transfer data from Ireland to any third country.

    Will we still be compliant? If not, what should we do to be compliant?

Page 2 of 75 pages