EU GDPR - Expert Advice Community


  • Privacy notice or privacy policy

    Does EU GDPR mandate a company to maintain both privacy notice and internal-facing privacy policy?

  • Privacy notice & data retention

    Please help me with the following:

    1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc.) or is one enough?

    2. In the Data Retention Policy - are the retention periods defined within this document?

    3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?

    4. What is the maximum amount of time to respond to data subject requests?

  • EU GDPR - DPO, DPIA & other questions

    I was wondering if you could help me with some GDPR related questions:

    1. How does an organization establish if it needs a DPO or not?

    2. Does the DPO need to be an employee or can it be outsourced as well?

    3. What would be the position of the DPO in the company organizational chart?

    4. What would be the job description applicable to the DPO?

    5. Is there any easy way to establish the duration of a GDPR compliance project?

    6. What is the difference between a DPIA and a PIA?

    7. When does one need to perform a DPIA?

    8. Are there any specific requirements in terms of encryption?

  • Data Privacy Notice & Inventory of Processing Activities

    Please help me with the following:

    1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc.) or is one enough?

    2. In the Data Retention Policy - are the retention periods defined within this document?

    3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?

    4. What is the maximum amount of time to respond to data subject requests?

  • Personal data definition

    I did have a question about GDPR and was wondering if there is merit in it.
    By definition, you have clarified personal data as information related to an identifiable or identified natural person. My question is whether the same GDPR rules would apply to derived or interpreted personal data for a data subject? I don't know if this is a correct example, but let us say the sharing of an EMI value of a data subject.

  • A few EU GDPR questions before implementation

    Dear experts

    There are some issues regarding GDPR that I would appreciate your help with.

    1. Does every company need to have an Inventory of processing activities?

    2. How about a DPO?

    3. How does the GDPR apply to companies outside Europe?

    4. What is the biggest fine so far?

    5. Which would be the best way to present to the management the need to implement GDPR?

    6. How much time would it take a small company?

    Thanks

  • DPIA, consent and other EU GDPR questions

    1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?

    2. Usually how many DPIAs does a medium-size company need to perform?

    3. Can an employer ask consent from employees for sending their data outside the EU?

    4. Is ISO27001 enough in terms of security measures?

    5. When does a company outside the EU need to appoint a representative?

    6. Is it a specific formality?

  • DPO tasks and responsibilities

    I want to know what the everyday work of a DPO is.

  • GDPR and personal data handling

    Please help me with some questions I have regarding GDPR.
    1. What is the difference between consent and explicit consent?
    2. What is the time and usual procedure when receiving a deletion request? What are the limitations regarding the time to respond to a request?
    3. Do emails containing personal data need to be encrypted?
    4. If I want to make a complaint because my data is being used abusively, where do I need to go?

  • GDPR compliance and data protection

    I have some questions that you may be able to help with.

    1. There are some suppliers, like couriers, that want to sign DPAs with us. Is this ok? Are couriers processors?
    2. Also, since we want to start from January to work on our implementation, how much time do you think we need? How about resources?
    3. Being a shipping company, do we need to register?
    4. When we provide the notices to the crew members we are recruiting, do they need to sign them?
    5. Are we allowed to keep the CVs for possible future arrangements?
    6. And if yes, is there a time limit?