EU GDPR - Expert Advice Community

  • Numerically estimating probability of occurrence and severity in context of risk assessment in the processing of personal data

    I would like to better understand how the probability of occurrence and the severity can be estimated numerically in the context of risk assessment in the processing of personal data: are there metrics described in the standards? E.g., if the probability scale runs from 1 to 5, consider 1 if an event occurs once in more than 20 years, 2 if between 10 and 20, etc. The same should be done for the severity of an event: how do you quantify the extent of the "damage"? I believe this approach can be applied in the DPIA, when one is required.

  • EU GDPR in UK

    1. What about GDPR in the UK? Is it different from GDPR EU?
    2. How could I find the differences?

  • Implications of EU GDPR data security and company data

    What are the implications of EU GDPR data security and company data?

  • Are resources from law required to implement GDPR?

    1. Do we require any resources from law to implement GDPR?

    2. In addition to that, I wanted to know what are the main things to consider when we implement this GDPR.

  • CRM contact list

    Good morning, I am *** and I work in Marketing at the company ***, which specializes in the metalworking sector. We have currently imported all our contacts (customers and leads) into our CRM. Unfortunately these contacts are "dirty" because some information about them is missing. At this point, we would like to send all the email addresses on file a communication along the lines of "fill in the missing fields, etc." and obviously add a part in which we ask for consent to their data, and the request to be able to send them communications.
    We therefore wanted to understand whether this is feasible, or whether we have to remove them and start again from scratch?
    Thank you for your attention,
    Kind regards.

  • GDPR Implementation Questions

    I am *** Chief Technical architect from *** and I have a couple of questions about GDPR implementation in customers' applications.

    1. In order to be compliant with GDPR the user has some rights that should be available by the different systems such as the right to delete the personal data, the right to rectify, the right to get a copy of his personal data, and so on.

    Are there any issues if these rights are implemented using defined processes with our customers and use database scripts to implement the required rights instead of modifying each and every application to implement these rights?

    These database scripts will be included in the application deliverables.

    2. The right to be informed will be included in the cookies bar or a separate checkbox in the registration process or the consent signed by the employees using these applications, is that accepted?

    3. Would you please confirm that securing the data at rest can be achieved by applying security measures on the database access either physically (access to the physical server) or logically (access to the database tables) if it is on-premise?

    This is also applied on databases hosted on the cloud by the cloud providers and in this case we need a confirmation from the cloud provider that the servers are secured as required and confirm the required security measures.

    4. Securing the data at transit can be implemented by securing the communication channel (i.e. using HTTPS protocol, or SFTP if the personal data is included in files) and securing any media used to backup or transfer the data.

    5. Encryption of personal data in the databases is something that is recommended and it is not mandated by GDPR for securing user personal data at rest, please confirm.

  • Handling data according to EU GDPR

    If we are coordinating a European project, and the data we collect is basic personal data (name, phone, email) from different EU city employees who take part in that project, are we, as a coordinator, responsible for how other project partners handle this data? i.e. the project makes us ensure that many partners also view this data (it wouldn't serve a purpose if we anonymize it) and then how can we control what the partner organisations do with this data, whether they delete it on time, etc.? So far we had a project document called DP management, where we would write down procedures, including that the data needs to be deleted after the project ends and so on. Is this enough to show our accountability as coordinators?

  • Does a small Biotech company need to have a DPO?

    I have a question for you. Does a small Biotech company need to have a DPO?

    Thanking you in advance.

  • Dealing with employee records when retention requirements are 3 or 7 years

    How does a business that keeps records and wants its employees to be held accountable deal with employee records when some contracts have retention requirements of 3 or 7 years?

  • Final exam thesis database

    I am a teacher at a music Conservatory. Together with a sizeable group of colleagues, we would like to create a database that can be consulted online on the portal of a specialist journal. The database should contain some data relating to the theses presented for the Final Exam at the end of an academic course. In particular: thesis title, subject of interest, any names of graduating students and supervisors, name of the institution where the Exam was held. Is this an initiative that can be easily carried out? What requirements would we have to comply with, if any? Thank you
