Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Questions regarding GDPR
I would very much appreciate some clarifications of the above:
- Are there any available GDPR certifications?
- How do I start with mapping my processing activities?
- Is there any video surveillance policy available in the toolkits?
- I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?
- How can I best present a privacy notice? Do clients need to sign the notice
-
Privacy perspective for facial reconstitution software
I want to set up a startup and develop a software for facial reconstitution.
Are there any constraints from a privacy perspective? What do I need to consider before in the implementation stage? Is it required for us to have a DPO? We are planning to use AWS for storage is this OK or is better to keep the data in our own servers?Do we need to perform some kind of risk assessment before starting? How would ISO27001 help us?
Any other advice would be much appreciated. -
GDPR and Coronavirus
We are an international university (and the university is also a city where everyone who works and studies also lives/resides). As such, we are currently placing individuals who are returning from high risk areas (of the Coronavirus) or those whom have had contact with those in high risk areas (i.e., roommates) in quarantine.
It would be great to receive some guidance on things we should be able to do in terms of GDPR in the context of:
- Informing them we will place them in quarantine
- Sharing information of those who are placed in quarantine (we may for example send to housekeeping, their course instructors, etc.)
-
Information Security Policy vs. IT Security Policy
I just have a question. The document IT Security Policy is included in the Premium Toolkit, but now requires an Information Security Policy from me What is the difference between the following 2 documents, or is there no difference between them and are these the same documents?- Information Security Policy
- IT Security Policy
-
EU GDPR questions
I run a small "haute" couture shop and I have some questions regarding sole GDPR aspects:
- Are the measurements taken for custom suites considered biometric data?
- If we collect the measurements and name and surname is there any information we need to provide the customers?
- We use CCTV in our shop are there any specific requirements?
- We use a contractor on XYZ where we sent the measurements to cut the clothes is this a transfer of personal data?
- Do we need to keep records for our activities?
- We also do marketing campaigns for our customers by telephone. Do we need consent?
- Can we collect the consent via telephone?
- Are we allowed to record the calls?
- Can we buy potential clients databases?
-
Accessing business CRM and customer data
Hi, we are a small business that provide TV subscription for its customers. Customers' data are stored in CRM system run by 3rd party. As a financial controller and data processor (?) and authorized person to use CRM can I access customer's data freely ie what purchase individual made etc or any other reason that is required for business purposes without breaking GDPR rules? Basically I would like to make sure that I have the right to access customer information if needed.
-
GDPR & CE Mark
Would you recommend for a medical device company that maintains a QMS system (under CE mark) to incorporate all GDPR changes inside the QMS? Are there subjects or areas that you would not want to be checked by the CE/QMS audit that relate to GDPR? -
Joint responsibility
I would like to have known whether it is possible that jointly responsible persons can assert a legitimate interest as a legal basis?
Example: 4 independent organizations/companies want to share their customer and supplier data because they partially overlap. If one of the four companies wants to create a new customer, they should first be able to search in a joint program to determine whether it already exists so that they do not have to create it again. Each of these four companies can view this customer record and change it if necessary.
Can I assert a legitimate interest here and say that it makes work easier for the four companies and also means data minimization?
Thank you in advance for your help! -
Accepting cookies with banners
Hi, I would like to know in which cases it is mandatory to use a banner that allows visitors to my site to choose the type of cookies to accept (necessary, marketing and statistical)?
In which cases instead of the classic banner where "continue browsing" is sufficiently interpreted as consent to all cookies?
-
EU GDPR questions
I am new to the GDPR field and I would ask for your help understanding better. How can an authority in the EU fine a company in India or another country outside the EU? Do you have some materials to help me understand how to start a GDPR program? Do you have some materials that I could present to the management of the company to make them aware of the GDPR? If we have access to data of EU users do we need to do anything special? We usually get data from EU companies and we do data cleaning removing duplicates. We also receive some personal data from our clients' employees when they enter tickets. Is there something specific to consider? How much time do we need to keep the personal data? Are some specific security measures to be deployed? Can you recommend a site to get GDPR updates? Also, we received a request from a client to present out Records of Processing Activities. What are these? Do we need to have them?