EU GDPR - Expert Advice Community

GDPR Privacy querries

1. Having longitude and latitude i.e. G. location coordinates (and hence the home address t believe if I am not wrong) of some person be considered as Pll

2. Since Clouds like Amazon AWS have backups happening across the world to maintain a high availability and for BCP purposes, so I feel it's a fair assumption to thin, that AWS will he considering PrwacY laws Eke GDPR before sent. European resident Pll data to any other country outside Europe. Correct?

3. While doing assessment, Do I need to ask vendors to give me list of countries where the cloud is sending the backup data (containing PII) to, while thinking of pnvacy Logic being European resident data is going outside Europe ask if the cloud follow GDPR by having controls or not

4. Am I correct regarding applicability of GDPR in below practical life scenarios- a) European resident I not citizen) went to India and registered an account with Uber by giving his Pil and rode on cab So GDPR would NOT be applicable regarding handling of this European person. Correct, I think GDPR should be as law of land will prevail which is India in this case and not Europe.
Article 3 GDPR defines the territorial scope of GDPR and it is applicable to data processing taking place in the EU or from data controller located in the EU. Therefore, the EU citizen in India will not be under GDPR.
b) Indian resident went to Europe and registered an account with Uber Europe by giving PII and is currently doing a cab ride, so GDPR will be applicable as per what's written in the GDP. regulation. Correct?

5. Now the Indian resident has completed the trip and has gone back to India and left Europe. Will GDPR still protect his Pll data which is now residing in Europe?

6. Someone from India want to make a trip to Europe and thought of advance booking, so while sitting from India itself register an account by giving his PII on the website of some European tour operator with its data center in:  c.1) Europe - Will GDPR be applicable?  c.2) Outside Europe - Will GDPR be applicable?

7.  Will the time of the actual visit make any difference on GDPR applicability i.e. GDPR is ON only after the actual visit has happened and not before?

8. Since IP is a PII, so will even the Dynamic IP not static IP) be considered as PII? By the time the captured dynamic IP will. processed to find PII, the dynamic IP would have changed/expired

Requesting your guidance on these as I believe these will help me in understanding Privacy better

SAR

Hi, can I please have some advice on SAR regarding an employee and a grievance?

Privacy policy and GDPR docs

Hi, do i need to have privacy policy and GDPR docs on a website which is 'coming soon', just set up the landing page and getting users to register their interest by subscribing with just an email.

Question about LinkedIn and emails

My situation is that we are publishing a list of the top 25 UK figures in a specific technology. We would like to notify those figures that they've been chosen before we publish, but we have not been given their email addresses.

My questions are:
1) If we are able to obtain those email addresses from the public domain (but haven't been given explicit consent from the people to use those email addresses), is it admissible to email them in order to ask them if they want to be featured? Does this fall under 'legitimate interest'?
2) If we message these people on social media instead of emailing (i.e. LinkedIn and/or Twitter), but we are not currently 'connected' to them, is this admissible under GDPR?

EU GDPR compliance

1. will this help me make my websites (cookie bar, privacy policy, terms of service, shop, contact form and newsletter) form fully compliant?

2. Do I have full support in all the above steps or there is any limitation in terms of the times I can ask?

3. And since my websites are visited and used by people from all over the world, do I have to comply with other non-EU countries regulation too? Or is GDPR implementation enough to these countries?
I am asking this, because maybe there is need of another package to buy.

GDPR consent and scope identification

Hi i want your help to implement consent management in the following scenario additionally please help to identify SCOPE as well:

ABC company offers freight and logistic management application to UK business. application allows creation of admin user and then administrator creates multiple user in the application. Administrator created/assigned username and password are then used by corresponding staff to carry out there task/access the application. during this process (name, email id, username and password ) details are stored in Azure hosting server (maintained by Administrator). so, how the consent management should be implemented and complied in the application. (is it require to maintain consent for administrator only or for all the users having access to application) or not at all. during the process of accessing the application end user IP and location is also stored in application. application is build based on the requirement from UK based business and not published on ABC's website. so how to identify scope. as i am not sure whether gdpr can be applied to only specific product of the organization and not whole organization.

Appropriateness of requiring people to give their name/email in order to download special content from website

Could you send me more information on your opinion on the appropriateness of requiring people to give us their name/email in order to download special content from our website? I’ve run into several different views on this issue, some of which are fine with it, and others opposed. In the webinar this morning, it appeared that you think this runs afoul of the voluntary consent requirements.

Exceptions in the application of the EU GDPR

GDPR data in Microsoft office

what are your thoughts about GDPR data in Microsoft office (onedrive, SharePoint, azure)? is it acceptable ?

Asking for subscription consent with first newsletter

We are planning to send out a newsletter and we have a lot of contacts and we want to keep them up to date. We didn't really ask them if they wanted us to contact them and if they wanted the newsletter. We are planning to first contact them and ask them if they wish for us to keep them up to date via newsletter. Is this compliant with EU GDPR and is it legal within the EU?