EU GDPR - Expert Advice Community

  • Audit of completed erasure

    I have a GDPR question that’s not related to DPIAs and has been bugging me since I went through our GDPR documentation (from your kit – thank you 😊). 

    We make software that is sold as a product but also offered SaaS. My question is related to the Right to Erasure. The product has a directory database in it which holds, at minimum, business contact details. 
    By design, there is no reason for the directory to hold anything more, although we do allow custom fields to be labeled and populated with anything. We have a Privacy module that allows a nominated set of DP users (either the customer or our managed services team) to run a “forget” process. This anonymizes all data held in the SQL warehouse and directory relating to the forgotten person. 

    The questions I have are:

    1. Do we need to have an audit of a completed erasure?
    2. If we have one and use the forgotten person’s name with no way to reverse engineer the process, is that compliant? 

    My dev team wants to have an audit trail to demonstrate that the process has been performed, and that is my preference as well, but without the name, it is pretty pointless.

  • Preparing an e-mail policy

    The case: I would need to prepare an “e-mail policy” that should include aspects of e-mail use, sending e-mails containing personal data, maybe e-mail encryption, etc.
    I guess that these aspects should be mentioned somewhere in the integrated toolkit, but I could not find them easily.
    Could you be so kind as to point me to the folder or document in the toolkit?

  • Double Option

    1. Is double option mandatory in Europe, and if yes, where can I see in which countries it is?

    2. When filling in a form, is it always and in all countries obligatory to add the checkbox for marketing activities?

  • Cross-border Transfer of Personal Data

    I have bought some of your GDPR templates and I am working through them now. I would like to know a bit more about cross-border transfer of personal data. We have good safeguards in place, but I need to know how this process should ideally be organized. Should we notify a DPA and get approval for the transfer? Is this always required and if so is there a preferred DPA or way to choose a DPA. Agreements that we sign with EU companies generally refer to England and Wales as governing law and this tends to be the preferred location for arbitration.

  • Destruction of printed confidential data

    Hi, I'm trying to validate internal guidance I have been provided that says that in order to comply with ISO27001 we cannot use our own shredders to dispose of our own media but MUST use an outside company to do this? We currently have our own locked shredders and have appointed personnel to dispose of the shredded media via re-cycling.

  • GDPR and Data Subject Request flow

    I want to know about GDPR and the Data Subject Request flow:
    how to process it, what the flow is, and who approves the right to be forgotten, etc.?

  • How to become GDPR compliant?

    How to become GDPR compliant, where can I store emails of customers/clients? I would like to start an email database for my small business in order to have online bookings. How can I be sure I am compliant? Booking forms via WordPress plug-in calendar, newsletter creation, and delivery. How do I create a GDPR pop-up for the terms and conditions thereof?

  • GDPR compliance

    Hi - I do architectural plans for clients and I want to put all my projects online for future clients to browse. If I give no information on the clients, will this be GDPR compliant? If I give the address of the project, and keep all clients anonymous by name, will this be GDPR compliant?

  • Travel agency services for the employees of another company

    Our company organized a public procurement process to provide business trip services (an insurance policy, hotel reservations, the purchase of flight tickets and so on) for our employees. Our company transfers the data of employees by email to the winner, a travel agency, and transfers the travel documents prepared by the travel agency back to the employees. Who is the data controller and who is the data processor in that case?

  • Data controller or data processor

    Our company has signed an agreement with an IT company for IT support services: to upgrade the configuration of our internal information management system and to provide IT support in case of trouble. It is necessary for the IT company to get remote access to the system, including access to the personal data of employees. The IT company doesn't make any copies or take any other actions with personal data. Is the IT company a data processor, and do we have to sign an agreement between data controller and data processor according to GDPR Article 28? Or maybe it could be another kind of relationship concerning data protection between our company and the IT company?
