EU GDPR - Expert Advice Community

Cookies after blocking them

I have a website ***.

I made a proper (as I think) Privacy and Cookie Policy, as well as Terms of Use. Also, there is a Cookie contest, which is visible to all the users and allows them to block the cookies.

An open-source service "cookie bot" says the website is GPRS compliant. But I still see some cookies in my browser and am afraid that my users will be not satisfied with this.

How can I fix it?

Which tool to use for unstructured data?

I came to know that in the email body if there is some personal data like address then it is called unstructured data. Kindly guide me a tool for GDPR purpose so that I can use to learn and implement GDPR.

Default legal position around data transfers under German Laws

I am trying to find the default legal position around data transfers under the German Laws. In the UK, if a contract says that parties shall comply with the position of the DPA. It means that parties can transfer data amongst its affiliates if the parties have one of the EU  the approved transfer mechanisms in place. Therefore I want to determine what German law enables/ permits this. Is it something you can assist with?

Sensitive data requested for refund processing

A company owes me a refund and in order for this to happen they are requesting the following:

"send a copy of the front of your debit card plus either a copy of your passport, driving license or Utility bill dated within the last 3 months.

Unfortunately our accounts team are unable to process the refund without these."

I am not happy providing any of this and do not think this is needed for a refund. Can you please advise?

Need of keeping data beyond each specific project

We are very small. We do not keep data beyond each specific project. Do we need to do this?

ISO standard and GDPR

1. How can ISO27701 (Privacy Information Management System) help comply with GDPR?

2. What are the similarities and differences in both of them?

GDPR vs. EU Dir 95/46/EC

I am trying to find out if EU Directive 95/46/EC still exists or if it has been formally replaced by GDPR.

Importance of data quality and data protection

1. Why are data quality and data protection important in the organization?
2. When considering information data management as a business resource that needs to be governed. What should this governance ensure?
3. Using data from your data lake what do you need to consider related to GDPR?

Using customer's data from the questionnaire

I am looking to do a questionnaire and from that ask people for their email address for further contact if they're happy with that. I would not use their email address for anything else other than the purposes set in my questionnaire. Under GDPR ruling, is this allowed?

IS Cross Border Personal Data Transfer Procedure actual according to GDPR?

In the process of the implementation of the Cross Border Personal Data Transfer Procedure, please clarify if the section below is still actual according to the GDPR and repealing Directive 95/46/EC.

2. Definitions
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.