EU GDPR - Expert Advice Community

Is customer consent needed?

Hello, could you please advise if I need to ask for customer consent when using an application for delivering their projects like Jira or Microsoft office for example? Thank you in advance!

EU GDPR form and permission

I have to do a research project for my diploma and I am wondering what form do I need? The information will be kept locked away but I need to have permission to use the information to present my findings in a classroom but also in case a moderator wishes to see the work.
There are two individuals I wish to interview, the diploma I am doing is therapeutic counseling.

Data Protection Officer as a legal counsel

Audit of completed erasure

I have a GDPR question that’s not related to DPIAs and has been bugging me since I went through our GDPR documentation (from your kit – thank you 😊). 

We make software that is sold as a product but also offered SaaS. My question is related to the Right to Erasure. The product has a directory database in it which holds, at minimum, business contact details. 
By design, there is no reason for the directory to hold anything more, although we do allow custom fields to be labeled an populated with anything. We have a Privacy module that allows a nominated set of DP users (either the customer or our managed services team) to run a “forget” process. This anonymizes all data held in the SQL warehouse and directory relating to the forgotten person. 

The questions I have are:

1. Do we need to have an audit of a completed erasure?
2. If we have one and use the forgotten person’s name with no way to reverse engineer the process, is that compliant? 

My dev team wants to have an audit trail to demonstrate that the process has been performed, and that is my preference as well, but without the name, it is pretty pointless.

Preparing an e-mail policy

The case: I would need to prepare an “e-mail policy”, that should include aspects of e-mail use, sending e-mails containing personal data, may be, e-mail encryption, etc.
I guess, that these aspects should be mentioned somewhere in the integrated toolkit, but could not find easily.
Could you be so kind and point me to folder or document in the toolkit?

Double Option

1. Is double option mandatory In Europe and if yes where I can see in what countries it is?

2. To fulfill a form is always and in all the countries obligated to add the checkbox for marketing activities?

Cross-border Transfer of Personal Data

I have bought some of your GDPR templates and I am working through them now. I would like to know a bit more about cross-border transfer of personal data. We have good safeguards in place, but I need to know how this process should ideally be organized. Should we notify a DPA and get approval for the transfer? Is this always required and if so is there a preferred DPA or way to choose a DPA. Agreements that we sign with EU companies generally refer to England and Wales as governing law and this tends to be the preferred location for arbitration.

Destruction of printed confidential data

Hi, I'm trying to validate internal guidance I have been provided that says that in order to comply with ISO27001 we cannot use our own shredders to dispose of our own media but MUST use an outside company to do this? We currently have our own locked shredders and have appointed personnel to dispose of the shredded media via re-cycling.

GDPR and Data Subject Request flow

I want to know GDPR and Data Subject Request flow
how to process and flow and who approved for right to be forgotten, etc..?

How to become GDPR compliant?

How to become GDPR compliant, where can I store emails of customers/Clients? I would like to start an email database for my small business in order to have online bookings. How can I be sure I am compliant? Booking forms via Wordpress plug-in calendar, newsletter creation, and delivery. How do I create a GDPR pop up for the terms and conditions thereof?