EU GDPR - Expert Advice Community


  • Can you think of anything that could easily be overlooked when preparing for GDPR?

    Can you think of anything that could easily be overlooked when preparing for GDPR?

  • Changes to consider in regulating data transfer between EU and US

    In regulating data transfer between EU and US, what changes does an organization need to consider, with respect to Privacy Shield, Schrems II, SCC (Standard Contractual Clauses)?

  • Is acceptance of COOKIES part of GDPR?

    These days almost all websites mention a caption regarding the acceptance of COOKIES... Is this also a part of GDPR?

  • Numerically estimating probability of occurrence and severity in context of risk assessment in the processing of personal data

    I would like to better understand how the probability of occurrence and the severity can be estimated numerically in the context of risk assessment in the processing of personal data: are there metrics described in the standards? E.g., if the probability scale runs from 1 to 5, consider 1 if an event occurs once in more than 20 years, 2 if between 10 and 20, etc. The same should be done for the severity of an event: how to quantify the extent of the "damage"? I believe this approach can be applied in the DPIA, where one is required.

  • EU GDPR in UK

    1. What about GDPR in the UK? Is it different from GDPR EU?
    2. How could I find the differences?

  • Implications of EU GDPR data security and company data

    What are the implications of EU GDPR data security and company data?

  • Are resources from law required to implement GDPR?

    1. Do we require any resources from law to implement GDPR?

    2. In addition to that, I wanted to know what the main things to consider are when we implement this GDPR.

  • CRM contact list

    Good morning, I am *** and I work in Marketing at the company ***, which specializes in the metalworking sector. We have currently imported all our contacts (customers and leads) into our CRM. Unfortunately these contacts are "dirty" because some information about them is missing. At this point, we would like to send all the email addresses on file a communication along the lines of "fill in the missing fields, etc." and obviously add a part in which we ask for consent for their data, and for permission to send them communications.
    We therefore wanted to understand whether this is feasible, or whether we have to remove them and start again from scratch?
    Thank you for your attention,
    Kind regards.

  • GDPR Implementation Questions

    I am ***, Chief Technical Architect from ***, and I have a couple of questions about GDPR implementation in customers' applications.

    1. In order to be compliant with GDPR the user has some rights that should be available by the different systems such as the right to delete the personal data, the right to rectify, the right to get a copy of his personal data, and so on.

    Are there any issues if these rights are implemented using defined processes with our customers and database scripts are used to implement the required rights instead of modifying each and every application to implement these rights?

    These database scripts will be included in the application deliverables.

    2. The right to be informed will be included in the cookies bar or a separate checkbox in the registration process or the consent signed by the employees using these applications, is that accepted?

    3. Would you please confirm that securing the data at rest can be achieved by applying security measures on the database access either physically (access to the physical server) or logically (access to the database tables) if it is on-premise?

    This is also applied on databases hosted on the cloud by the cloud providers and in this case we need a confirmation from the cloud provider that the servers are secured as required and confirm the required security measures.

    4. Securing the data in transit can be implemented by securing the communication channel (i.e. using HTTPS protocol, or SFTP if the personal data is included in files) and securing any media used to back up or transfer the data.

    5. Encryption of personal data in the databases is something that is recommended and it is not mandated by GDPR for securing user personal data at rest, please confirm.

  • Handling data according to EU GDPR

    If we are coordinating a European project, and the data we collect is basic personal data (name, phone, email) from different EU city employees who take part in that project, are we, as a coordinator, responsible for how other project partners handle this data? I.e., the project makes us ensure that many partners also view this data (it wouldn't serve a purpose if we anonymize it), and then how can we control what the partner organisations do with this data, whether they delete it on time, etc.? So far we had a project document called DP management, where we would write down procedures, including that the data needs to be deleted after the project ends and so on. Is this enough to show our accountability as coordinators?
