Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Power of Attorney

    Do you know about procedure of giving Power of Attorney from controller to processor, to transfer data outside EU on behalf of controller?

  • Questions regarding GDPR

    I would very much appreciate some clarifications of the above: 

    1. Are there any available GDPR certifications?
    2. How do I start with mapping my processing activities?
    3. Is there any video surveillance policy available in the toolkits?
    4. I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?
    5. How can I best present a privacy notice? Do clients need to sign the notice

  • Privacy perspective for facial reconstitution software

    I want to set up a startup and develop a software for facial reconstitution.

    Are there any constraints from a privacy perspective? What do I need to consider before in the implementation stage? Is it required for us to have a DPO? We are planning to use AWS for storage is this OK or is better to keep the data in our own servers?Do we need to perform some kind of risk assessment before starting? How would ISO27001 help us?
    Any other advice would be much appreciated.

  • GDPR and Coronavirus

    We are an international university (and the university is also a city where everyone who works and studies also lives/resides).  As such, we are currently placing individuals who are returning from high risk areas (of the Coronavirus) or those whom have had contact with those in high risk areas (i.e., roommates) in quarantine.

    It would be great to receive some guidance on things we should be able to do in terms of GDPR in the context of:

    • Informing them we will place them in quarantine
    • Sharing information of those who are placed in quarantine  (we may for example send to housekeeping, their course instructors, etc.)

  • Information Security Policy vs. IT Security Policy

    I just have a question. The document IT Security Policy is included in the Premium Toolkit, but now requires an Information Security Policy from me What is the difference between the following 2 documents, or is there no difference between them and are these the same documents?
    • Information Security Policy
    • IT Security Policy

  • EU GDPR questions

    I run a small "haute" couture shop and I have some questions regarding sole GDPR aspects:

    1. Are the measurements taken for custom suites considered biometric data?
    2. If we collect the measurements and name and surname is there any information we need to provide the customers?
    3. We use CCTV in our shop are there any specific requirements?
    4. We use a contractor on XYZ where we sent the measurements to cut the clothes is this a transfer of personal data?
    5. Do we need to keep records for our activities?
    6. We also do marketing campaigns for our customers by telephone. Do we need consent?
    7. Can we collect the consent via telephone?
    8. Are we allowed to record the calls?
    9. Can we buy potential clients databases?

  • Accessing business CRM and customer data

    Hi, we are a small business that provide TV subscription for its customers. Customers' data are stored in CRM system run by 3rd party. As a financial controller and data processor (?) and authorized person to use CRM can I access customer's data freely ie what purchase individual made etc or any other reason that is required for business purposes without breaking GDPR rules? Basically I would like to make sure that I have the right to access customer information if needed.

  • GDPR & CE Mark

    Would you recommend for a medical device company that maintains a QMS system (under CE mark) to incorporate all GDPR changes inside the QMS? Are there subjects or areas that you would not want to be checked by the CE/QMS audit that relate to GDPR?

  • Joint responsibility

    I would like to have known whether it is possible that jointly responsible persons can assert a legitimate interest as a legal basis?

    Example: 4 independent organizations/companies want to share their customer and supplier data because they partially overlap. If one of the four companies wants to create a new customer, they should first be able to search in a joint program to determine whether it already exists so that they do not have to create it again. Each of these four companies can view this customer record and change it if necessary.

    Can I assert a legitimate interest here and say that it makes work easier for the four companies and also means data minimization?
    Thank you in advance for your help!

  • Accepting cookies with banners

     Hi, I would like to know in which cases it is mandatory to use a banner that allows visitors to my site to choose the type of cookies to accept (necessary, marketing and statistical)?

    In which cases instead of the classic banner where "continue browsing" is sufficiently interpreted as consent to all cookies?
Page 33 of 97 pages