EU GDPR - Expert Advice Community

  • Does GDPR apply just for European people?

    I have a doubt. In the company at which I work, we have clients of LATAM and all of their employees aren't European people, but our hosting is in Spain. If I understand correctly, GDPR applies just for European people; is this right?

  • Key technical security safeguards

    What are the key technical security safeguards that are mandatory to achieve compliance?

  • Compliance check: Controller with no establishment and/or representative in EEA - Data and processing happens within EEA

    Our company, established in Australia, is planning to run a global online classifieds website. We will also be serving data subjects in the EEA in addition to data subjects outside the EEA.

    We have no representatives or establishments in EEA. The data will be stored in Ireland and all of our servers will be in Ireland. We use a cloud hosting provider. We will never transfer data from Ireland to any third country.

    Will we still be compliant? If not, what should we do to be compliant?

  • GDPR queries

    1) What is the prime difference between ROPA & PIA?

    2) While assessing a vendor, once I am done with the Information Risk Assessment Questionnaire, how would I be able to identify if I have to proceed with ROPA or PIA?

    3) I have created ROPA and PIA questionnaires and added the sections below; do these make sense or am I missing out on something?
    ROPA
    Contact Information
    Basic information on processing and responsibility
    Data Collection
    Purpose and legal basis of data processing
    Data transfers and recipients
    Standard period for data erasure
    Means of processing
    Groups with access authorization (simplified authorization concept)
    Technical and organizational measures (Art. 32 GDPR)
    Data portability

    PIA
    Business / Project Information
    General Information
    Attributes of the Data (use and accuracy)
    Sharing Practices
    Notice to Individuals to Decline/Consent Use
    Data sharing
    Access to Data (administrative and technological controls)
    Privacy Analysis
    Retention and Deletion

  • DPO, e-mail and transfer of data to third countries

    We are a German technology startup company approaching 20 employees spread over the world (Europe, Asia, Australia).

    Actually, I have three questions:
    1) I hear that if you have 20 employees with regular data processing activities, in Germany you are obliged to have a data protection officer. Is that right?

    2) To have an employee considered having regular data processing activities, it is sufficient to have access and work with MS Outlook, is that right?

    3) Following the ruling regarding the invalidation of Decision 2016/1250, I am very much confused by the requirements. Reading some of the publications of the EDPB, it seems to me hardly feasible anymore to manage GDPR across a small multinational company. Any suggestions?

  • Recommendations regarding EU-US Privacy Shield

    What recommendations would you suggest for a small/medium-sized business in light of the recent decision by the ECJ regarding the EU-US Privacy Shield?

  • Data Protection Matrix

    I am to develop a Data Protection Matrix for my organization. How do I go about it?

  • Cookies and pixels under EU GDPR

    1. Are pixels and cookie IDs regarded as personal data?
    2. How can we cope with a deletion request if we cannot correlate a cookie ID with a specific person?
    3. Do we have to delete the cookie IDs after a specific period of time?
    4. Do we require consent to place cookies?

  • Personal vs. Generic emails regarding B2B email marketing

    I was curious about the similarities or differences there might be between the UK and Germany regarding privacy laws on the topic of email marketing in a B2B setting, specifically on what is considered a "generic" email address versus a "personal" email address in Germany and how those are handled in business-to-business email marketing.

  • Right to request deletion of all personal data

    I am an EU citizen and I have a bank account at an online financial cryptocurrency platform called *** located in ***; their partner bank is ***. I have requested account closure and I have made no transactions in my account. No history of transfers, nothing. Do I have the right to request the deletion of all my personal data, as they are no longer necessary to be stored, I assume? I want all data to be deleted.