EU GDPR - Expert Advice Community

EU GDPR DPO Course - Retention Schedule - Module 4

For a data retention schedule, is the presenter saying that the plan may include archival of data "in-line with specifications" or that, as an example, in line specifications may be archived. If so, can you define "in-line specifications"?

GDPR and the relation whit CCPA

I need some advice on how to manage both CCPA and GDPR.

Employment matter

I am a Social Worker working in a local authority through a recruitment agency. When I got a pay increase my recruitment agency did not make me aware of this. Given that they refused to provide the evidence as to when my pay rate was increased, I requested for access to records. My agency refused to provide this. I decided to change to a different agency. The middleman between my agency and the Local Authority I worked with said that they cannot allow me to change to another agency because my recruitment agency has not breached my employment right. I would like to know if the middleman is right or whether my recruitment agency has breached any law. Has my agency breached right to access under GDPR

Purpose of a company´s Data Protection Policy

Which of the following is the purpose of a company´s Data Protection Policy?

1. A Data Protection Policy allows the company to guide its employees on key aspects of GDPR that are applicable to the company.
2. A Data Protection Policy allows the company to demonstrate transparency towards its clients.
3. A Data Protection Policy allows the company to formulate data protection principles in line with the GDPR.
4. All of the above.

I picked the ‘first answer’ during the exam because as stated in the course material practice exam p.64 ‘A Data Protection Policy is defined by the company to provide its employees with a relevant interpretation of GDPR in the context of the company’. The second answers ‘demonstrate transparency towards its clients’ is incorrect because Data Protection Policy is an internal document (course material p.62) and demonstrate transparency towards its client is the purpose of Privacy Notice (course material Module 3 p.17) not Data Protection Policy. The third answer is somewhat correct according to course material p.62 but not totally as the company is not formulating new principles in line with GDPR, it is applying already existed GDPR principles (requirements) to the company’s processing activities. But again there wasn’t an option in the exam for me to pick 2 right answers.

Could you please confirm the intent of this question? Or if it was a technical error on the exam question setup to pick more than 1 answer?

Legal basis and contracts

Do I require to make consent forms if I'm working on a contractual legal basis?

Data deletion request

I have a question regarding a data deletion request -  once we delete all the data do we need to inform the data subject that the deletion has been done? Is there an official form that we need to send the data subject? Or anything we should do or be aware of?

GDPR in software development and blockchain

We are developing a mobile app where we scan documents, ask for data in forms and use blockchain.

We want to make sure we comply with GDPR. Especially around:
-data retention, is hashing data enough?
-anonymized vs pseudonymized. Are we understanding it correctly?
-data access by personell. Is it ok that developers and database admin can see some of the data
-how to know when data is misused, mis-accessed, or breached
-are we a data processor or controller?

Encrypting customer data

"I want to understand if as per GDPR compliance if we need to encrypt customer data while storing in Database?

Data capture

My boss wants me to send an introduction email to try and secure more business from a list of emails the sales team have given him but I have told him we cannot send an email campaign without getting proven opt in from them. Am I correct?

House Planning Application