EU GDPR - Expert Advice Community

Retaining personal information

I was trying to find the key stakeholders under GDPR.
GDPR doesn't set a timeline on how long you must retain personal information of an employee, but what if we want to hold some of their information for auditing purposes, will this be allowed?

Privacy Policy for internal Employees and Privacy notice on Website

I am confused between the content of the Privacy Policy for internal Employees and The content of the Privacy notice on Website.

Consent of Conference/Online and In-Person Attendees/GDPR

I am working on some terms and conditions for attendance to our online education programs and also in person educational conferences. Some of our members/attendees are protected by GDPR as far as their data/live in the UK. We ask all attendees to accept the terms of registration for the conference to register and attend. If they don't accept - they can't register (it's a contract). As a part of the terms, we require that attendees consent to granting our organization a worldwide, unlimited, perpetual license to use photos/videos and comments from them with regard to the event they attend. We later use these materials in our marketing and education programs.

Does what we are asking conflict with GDPR protections? The reason I ask is because from what I am reading under GDPR, an agency cannot require this kind of consent from a data subject as a term of a contract that, if the data subject does not consent, it's to the subject's detriment.

In the case of my example, the conference attendees/data subjects must attend in order to gain the clinical certifications they are seeking.

Maybe GDPR doesn't govern this type of thing??? But I want to be extra careful and also - we don't want to violate anyone's rights.

Thank you so much!

Personal Data Protection Policy

Hello, I am looking for the Article in GDPR, where it is defined, that a documented Personal Data Protection Policy is mandatory to be compliant. Advisera is referring to Article 24. Isn't a documented DPIA sufficient?

Migrated mailbox and keeping the copy of the mailbox

I am writing to you regarding mailbox migration and keeping the copy for later.
Is it allowed by ISO and GDPR?

SAR REQUEST UNDER GDPR

Hi help me please,
Do you know who to contact to request for SAR under GDPR from Google UK?

DPIA for COVID-19 Remote Work Environment

We are existing customer with GDPR DPO Certification & GDPR/ISO 27000 Toolkit --> Question: Is there any documentation on how to perform DPIA for home workers during COVID-19 pandemic?

GDPR applicability in the UK

Does that mean since UK is no longer under EU, that means GDPR does not apply to them anymore?

Data protection and using WhatsApp

I work for a mental health charity. My staff are now working from home. Can you give me any guidance on what I should be advising? Also is it safe for staff to communicate with clients via WhatsApp?

EU GDPR DPO Course - Retention Schedule - Module 4

For a data retention schedule, is the presenter saying that the plan may include archival of data "in-line with specifications" or that, as an example, in line specifications may be archived. If so, can you define "in-line specifications"?