EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • GDPR queries

    1) What is the prime difference between ROPA & PIA?

    2) While assessing a vendor, once I am done with Information Risk Assessment Questionnaire, how would I be able to identify if i have to proceed with ROPA or PIA?

    3) I have created ROPA and PIa questionnaires and added below sections; do these makes sense or am I missing out on something?
    Contact Information
    Basic information on processing and responsibility
    Data Collection
    Purpose and legal basis of data processing
    Data transfers and recipients
    Standard period for data erasure
    Means of processing
    Groups with access authorization (simplified authorization concept)
    Technical and organizational measures (Art. 32 GDPR)
    Data portability

    Business / Project Information
    General Information
    Attributes of the Data (use and accuracy)
    Sharing Practices
    Notice to Individuals to Decline/Consent Use
    Data sharing
    Access to Data (administrative and technological controls)
    Privacy Analysis
    Retention and Deletion

  • DPO, e-mail and transfer of data to third countries

    We are a German technology startup company approaching 20 employees spread over the world (Europe, Asia, Australia).

    Actually, I have three questions:
    1) I hear that if you have 20 employees with regular data processing activities, in Germany you are obliged to have a data protection officer. Is that right?

    2) To have an employee considered having regular data processing activities, it is sufficient to have access and work with MS Outlook, is that right?

    3) Following the ruling regarding the invalidation of Decision 2016/1250, I am very much confused with the requirements. Reading some of the publication of the edpb, it seems to me hardly feasible anymore to manage GDPR across a small multinational company. Any suggestions?

  • Recommendations regarding EU-US Privacy Shield

    What recommendations would you suggest for a small / Medium sized business in light of the recent decision by the ECJ regarding the EU-US Privacy Shield?

  • Data Protection Matrix

    I am to develop Data Protection Matrix for my organization. How do I go about it?

  • Cookies and pixels under EU GDPR

    1. Are pixels and cookie IDs regarded as personal data?

    2. How can we cope with a deletion request if we cannot correlate a cookie ID with a specific person?

    3. Do we have to delete the cookie IDs after a specific period of time?

    4. Do we require consent to place cookies?

  • Personal vs. Generic emails regarding B2B email marketing

    I was curious to the similarities or differences there might be between the UK and Germany regarding privacy laws on the topic of email marketing in a B2B setting, specifically on what is considered a "generic" email address versus a "personal" email address in Germany and how those are handled in business to business email marketing.

  • Right to request deletion of all personal data

    I am an EU citizen and I'm having a bank account at an online financial cryptocurrency platform called *** located in ***, their partner bank is ***.

    I have requested account closure and I have no transactions in my account made.
    No history of transfers, nothing.

    Do I have the right to request the deletion of all my personal data as they are no longer necessary to be stored I assume?
    I want all data to be deleted.

  • GDPR data in Azure

    I have a question for you concerning whether or not inspectors accept GxP and GDPR data stored in Azure. Is it safe?
    Thanking you in advance

  • Question related to Controller and Processor with respect to GDPR

    Hey, I would like to know who is controller and processor practically. Like I know what are the duties and responsibilities of these two.
    But let's say if am developing a particular application on which I will collect personal data to fulfill the purpose of the application. So Do I have to appoint a controller or processor or is there any something like the founder or director, CEO, or legal advisor will act as a controller?

  • Filling templates

    Data Transfer Agreement template (Referenced in Cross Border Transfer Procedure):
    DTA for Controller -> Controller
    DTA for Controller -> Processor
    When to use which one?

Page 3 of 75 pages