EU GDPR - Expert Advice Community




  • DPIA, consent and other EU GDPR questions

    1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?

    2. Usually, how many DPIAs does a medium-size company need to perform?

    3. Can an employer ask consent from employees for sending their data outside the EU?

    4. Is ISO27001 enough in terms of security measures?

    5. When does a company outside the EU need to appoint a representative?

    6. Is it a specific formality?

  • DPO tasks and responsibilities

    I want to know what the everyday work of a DPO is.

  • GDPR and personal data handling

    Please help me with some questions I have regarding GDPR.
    1. What is the difference between consent and explicit consent?
    2. What is the time and usual procedure when receiving a deletion request? What are the limitations regarding the time to respond to a request?
    3. Do emails containing personal data need to be encrypted?
    4. If I want to make a complaint because my data is being used abusively, where do I need to go?
  • GDPR compliance and data protection

    I have some questions that you may be able to help with.

    1. There are some suppliers, like couriers, that want to sign DPAs with us. Is this ok? Are couriers processors?
    2. Also, since we want to start from January to work on our implementation, how much time do you think we need? How about resources?
    3. Being a shipping company do we need to register?
    4. When we provide the notices to the crew members we are recruiting do they need to sign it?
    5. Are we allowed to keep the CVs for possible future arrangements?
    6. And if yes is there a time limit?
  • GDPR and impact assessment on data protection

    So we have this software where people make recommendations for friends to buy goods, and in the process of buying with credit cards etc., customer information is disclosed. How can we make sure people don't use that info to hack etc. other customers? In summary: like, how do we protect customer data when a project goes live?
  • Data subject & DSAR

    1. Is having the data subject respond to an e-mail address on file with the Controller considered acceptable? 
    2. Has there been any further guidance as to the recommended methods to prove the identity of the data subject who is submitting a DSAR?  

  • EU GDPR Policies and procedures

    In relation to GDPR policies and procedures, is it mandatory to send them to other companies who request them?

  • Data gathering for kindergartens and schools parties

    Dear sirs,

    I have a small seasonal business organizing Santa Claus parties for kindergartens and schools. Thus, I get lists of personal data of the children (name, surname and age) to be able to personalize the gifts. Also, I get personal data of the teachers for the same purposes.

    I would appreciate your help with the following:

    1. Are there any specific things that I need to include in the contract?

    2. According to the GDPR, what is my company: a controller or a processor?

    3. Do I need to register somewhere if I process personal data?

    4. Are there any specific requirements for handling data of children?

    5. During the events, sometimes my crew takes pictures and posts them on social media. Are there any restrictions?

    6. How much time do I need to keep the lists with the children's names and age?

    Thank you

  • Data subjects’ consent in a mobile app

    I have a question on obtaining data subjects’ consent under GDPR in a mobile app (Android/iOS). The mobile app content is food and recipes:

    We want to activate this mobile app in some countries in pure English language, so the mobile app and the content are NOT translated to the local language. The Privacy Notice we provide is indeed translated to local languages.

    But the screens in the app, where we want to ask the users of the mobile app for their consent, are in English.

    We have checked a huge number of other food/recipes apps in the app stores, but haven't found any app where the full app is in English but the consent screens are in the local language.
    Also, we see it as confusing when an app switches the language in the user experience of the app.

    The question is now: is there any rule, or is it mandatory from a GDPR point of view, that the screen obtaining data subjects' consent also has to be translated into the local language?

  • FOI legislation

    I've been looking at your materials with interest and have enjoyed your free training. 

    What I'd be interested to know is how your clients in the public sectors subject to FOI legislation handle your IPR. 

    Public authorities are subject to FOI and that could entail what policies and procedures they have in place. 

    Obviously, commercial interests, copyright laws, and confidentiality law can apply but often this is very limited in relation to the requirements for transparency.

    I'd be interested to hear your thoughts on this.
