EU GDPR - Expert Advice Community

Compliance checklist and mapping controls

Just need to ask about easily compliance checklist for GDPR, and it's mapping controls with PCI-DSS and ISO 27001

Parental information

We are a University and when prospective students signs up for an Open Day they can enter their parents contact information. When you click on the register on this link at the bottom you’ll see this message    
We want to use these parents email address for google display advertising to send them to our website. How can we do this? As they won’t necessarily be aware that their child has entered their email address.

Power of Attorney

Do you know about procedure of giving Power of Attorney from controller to processor, to transfer data outside EU on behalf of controller?

Questions regarding GDPR

I would very much appreciate some clarifications of the above: 

1. Are there any available GDPR certifications?
2. How do I start with mapping my processing activities?
3. Is there any video surveillance policy available in the toolkits?
4. I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?
5. How can I best present a privacy notice? Do clients need to sign the notice

Privacy perspective for facial reconstitution software

I want to set up a startup and develop a software for facial reconstitution.

Are there any constraints from a privacy perspective? What do I need to consider before in the implementation stage? Is it required for us to have a DPO? We are planning to use AWS for storage is this OK or is better to keep the data in our own servers?Do we need to perform some kind of risk assessment before starting? How would ISO27001 help us?
Any other advice would be much appreciated.

GDPR and Coronavirus

We are an international university (and the university is also a city where everyone who works and studies also lives/resides).  As such, we are currently placing individuals who are returning from high risk areas (of the Coronavirus) or those whom have had contact with those in high risk areas (i.e., roommates) in quarantine.

It would be great to receive some guidance on things we should be able to do in terms of GDPR in the context of:

• Informing them we will place them in quarantine
• Sharing information of those who are placed in quarantine  (we may for example send to housekeeping, their course instructors, etc.)

Information Security Policy vs. IT Security Policy

• Information Security Policy
• IT Security Policy

EU GDPR questions

I run a small "haute" couture shop and I have some questions regarding sole GDPR aspects:

1. Are the measurements taken for custom suites considered biometric data?
2. If we collect the measurements and name and surname is there any information we need to provide the customers?
3. We use CCTV in our shop are there any specific requirements?
4. We use a contractor on XYZ where we sent the measurements to cut the clothes is this a transfer of personal data?
5. Do we need to keep records for our activities?
6. We also do marketing campaigns for our customers by telephone. Do we need consent?
7. Can we collect the consent via telephone?
8. Are we allowed to record the calls?
9. Can we buy potential clients databases?

Accessing business CRM and customer data

Hi, we are a small business that provide TV subscription for its customers. Customers' data are stored in CRM system run by 3rd party. As a financial controller and data processor (?) and authorized person to use CRM can I access customer's data freely ie what purchase individual made etc or any other reason that is required for business purposes without breaking GDPR rules? Basically I would like to make sure that I have the right to access customer information if needed.

GDPR & CE Mark