EU GDPR - Expert Advice Community

  • 07.7 - Data Subject Disclosure Form

    I had a question about document 07.7 - Data Subject Disclosure Form

    Is this form what we send back to the requester when we have completed our research into their request, or is this form for internal company information gathering?

  • Marketing activities to companies

    I am unable to determine whether Limited companies are included in the restrictions or excluded. Also, are email addresses with a person's name and the company domain deemed to be personal or for company/business purposes?

  • Risk assessment for GDPR

    Hi Team,

    I do have a question as part of our toolkit plan.

    We have finished the risk assessment and treatment plan based on the 27001 approaches, which is asset-based.

    In the webinar "How to integrate GDPR with ISO 27001" it was mentioned that a combined "Risk Assessment" for 27001 and GDPR is recommended.

    My question is whether you have a template methodology that combines both approaches.
    How do we need to augment current 27001 methodologies & template to be GDPR compliant?
    Our current risk register includes assets of type "Processes/Services", which map with processing activities.

    To confirm I am not speaking about DPIA, which is unique to GDPR.

    Is there anything specific in GDPR that would require extending the methodology that is included in your 27001 templates?

  • E-privacy laws compliance

    Hi, I'm trying to understand what my company needs to do to ensure we are compliant with e-privacy laws. Can you help? My company currently stores some personal data of clients and we use this data to send out communications like newsletters etc. I need to know what we should be doing to ensure we're compliant with the e-privacy laws in the EU?

  • EU GDPR Readiness Assessment - Supervisory Authority

    1. In Q23, of EU GDPR Readiness Assessment
    23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?
    Who would the "Supervisory Authority" be? If in the US, who? If in the EU who?

    2. Basically, who is to be notified within 72 hours of a confirmed data breach? 

  • GDPR privacy policy - and Facebook

    Hi - I have a small "consulting" group, and I occasionally post various things I've done over the years that have done me well, and maybe some that didn't work out so well. I use referral links and network affiliate links and tell everyone that I will get compensation for them - but if they follow the directions on the site they can do the same, etc. etc. Do I need a GDPR policy somewhere, or do I just have to comply? It's a Facebook business page. I don't collect money or anything. I don't sell products.

  • Email Addresses, Public Domain and US, India and EU Data Protection

    We are considering an email list campaign, where we offer authors a list of active niche book bloggers and their email addresses. This information is highly sought after and might be considerably successful. That being said, the GDPR aspect is a potential roadblock. Most of these email addresses were listed on their website, which leads me to believe it would be public domain and free to hand out. However, they are from different countries, primarily the US, the EU and India. Therefore, I am curious if this campaign would be a smart idea, legally speaking from a data standpoint.

    I would be very eager to hear your thoughts on this.

  • Is customer consent needed?

    Hello, could you please advise if I need to ask for customer consent when using an application for delivering their projects, like Jira or Microsoft Office for example? Thank you in advance!

  • EU GDPR form and permission

    I have to do a research project for my diploma and I am wondering what form do I need? The information will be kept locked away but I need to have permission to use the information to present my findings in a classroom but also in case a moderator wishes to see the work.
    There are two individuals I wish to interview, the diploma I am doing is therapeutic counseling.

  • Data Protection Officer as a legal counsel

    In your Data Protection Officer Job Description it is quoted: "In order to prevent any case of conflict of interests, a Data Protection Officer should not hold a position within a company that leads him to determine the purposes and means of processing of personal data." My question is, can a Data Protection Officer be a legal counsel within a company?