1) What is the prime difference between ROPA & PIA?
2) While assessing a vendor, once I am done with the Information Risk Assessment Questionnaire, how would I be able to identify whether I have to proceed with a ROPA or a PIA?
3) I have created ROPA and PIA questionnaires and added the sections below; do these make sense, or am I missing out on something?
Basic information on processing and responsibility
Purpose and legal basis of data processing
Data transfers and recipients
Standard period for data erasure
Means of processing
Groups with access authorization (simplified authorization concept)
Technical and organizational measures (Art. 32 GDPR)
Business / Project Information
Attributes of the Data (use and accuracy)
Notice to Individuals to Decline/Consent Use
Access to Data (administrative and technological controls)
Retention and Deletion
We are a German technology startup company approaching 20 employees spread over the world (Europe, Asia, Australia).
Actually, I have three questions:
1) I hear that if you have 20 employees with regular data processing activities, in Germany you are obliged to have a data protection officer. Is that right?
2) For an employee to be considered as having regular data processing activities, is it sufficient that they have access to and work with MS Outlook? Is that right?
3) Following the ruling regarding the invalidation of Decision 2016/1250, I am very confused about the requirements. Reading some of the publications of the EDPB, it seems to me hardly feasible anymore to manage GDPR across a small multinational company. Any suggestions?
What recommendations would you suggest for a small / medium-sized business in light of the recent decision by the ECJ regarding the EU-US Privacy Shield?
I am to develop Data Protection Matrix for my organization. How do I go about it?
1. Are pixels and cookie IDs regarded as personal data?
2. How can we cope with a deletion request if we cannot correlate a cookie ID with a specific person?
3. Do we have to delete the cookie IDs after a specific period of time?
4. Do we require consent to place cookies?
I was curious about the similarities or differences there might be between the UK and Germany regarding privacy laws on the topic of email marketing in a B2B setting, specifically on what is considered a "generic" email address versus a "personal" email address in Germany and how those are handled in business-to-business email marketing.
I am an EU citizen and I have a bank account at an online financial cryptocurrency platform called *** located in ***; their partner bank is ***.
I have requested account closure and I have made no transactions in my account.
No history of transfers, nothing.
Do I have the right to request the deletion of all my personal data, as I assume it is no longer necessary to store it?
I want all data to be deleted.
I have a question for you concerning whether or not inspectors accept GxP and GDPR data stored in Azure. Is it safe?
Thanking you in advance
Hey, I would like to know who the controller and the processor are in practice. I know what the duties and responsibilities of these two are.
But let's say I am developing a particular application with which I will collect personal data to fulfill the purpose of the application. Do I have to appoint a controller or a processor, or is there something like the founder, director, CEO, or legal advisor who will act as the controller?
Data Transfer Agreement template (Referenced in Cross Border Transfer Procedure):
DTA for Controller -> Controller
DTA for Controller -> Processor
When to use which one?