Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • EU GDPR questions

    I am new to the GDPR field and I would ask for your help understanding better. How can an authority in the EU fine a company in India or another country outside the EU? Do you have some materials to help me understand how to start a GDPR program? Do you have some materials that I could present to the management of the company to make them aware of the GDPR? If we have access to data of EU users do we need to do anything special? We usually get data from EU companies and we do data cleaning removing duplicates. We also receive some personal data from our clients' employees when they enter tickets. Is there something specific to consider? How much time do we need to keep the personal data? Are some specific security measures to be deployed? Can you recommend a site to get GDPR updates? Also, we received a request from a client to present out Records of Processing Activities. What are these? Do we need to have them?

  • Privacy notice or privacy policy

    Does EU GDPR mandate a company to maintain both privacy notice and internal-facing privacy policy?

  • Privacy notice & data retention

    Please help me with the following:

    1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?

    2. In the Data Retention Policy - are the retention periods defined within this document?

    3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?

    4. What is the maximum amount of time to respond to data subject requests?

  • EU GDPR - DPO, DPIA & other questions

    I was wondering if you could help me with some GDPR related questions:

    1. How does an organization establish if it needs a DPO or no?

    2. Does the DPO need to be an employee or it can be outsourced as well?

    3. What would be the position of the DPO in the company organizational chart?

    4. What would be the job description applicable to the DPO?

    5. Is there any easy way to establish the duration of a GDPR compliance project?

    6. What is the difference between a DPIA and a PIA?

    7. When one needs to perform a DPIA?

    8. Are there any specific requirements in terms of encryption?

  • Data Privacy Notice & Inventory of Processing Activates

    Please help me with the following:

    1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?

    2. In the Data Retention Policy - are the retention periods defined within this document?

    3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?

    4. What is the maximum amount of time to respond to data subject requests?

  • Personal data definition

    I did have a question about GDPR and was wondering if there is merit in it.
    By definition, you have clarified personal data as information related to an identifiable or identified natural person. My question is whether the same GDPR rules would apply to derived or interpreted personal data for a data subject? I don't know if this is a correct example, but let us say the sharing of an EMI value of a data subject.

  • A few EU GDPR questions before implementation

    Dear experts

    There are some issues regarding GDPR that I would appreciate your help with.

    1. Does every company need to have an Inventory of processing activities?

    2. How about a DPO?

    3. How does the GDPR apply to companies outside Europe?

    4. What is the biggest fine so far?

    5. Which would be the best way to present to the management the need to implement GDPR?

    6. How much time would it take a small company?

    Thanks

  • DPIA, consent and other EU GDPR questions

    1.What documents in the  EU GDPR Premium Documentation Toolkit toolkit are mandatory?

    2.Usually how many DPIA does a medium size company need to perform?

    3.Can an employer ask consent from employees for sending their data outside the EU ?

    4.Is ISO27001 enough in terms of security measures?

    5.When does a company outside EU need to appoint a representative?

    6.Is it a specific formality?

  • DPO tasks and responsibilities

    I want to know what is an everyday work of a DPO.

  • GDPR and personal data handling

    Please help me with some questions I have regarding GDPR.
    1. What is the difference between consent and explicit consent?
    2. What is the time and usual procedure when receiving a deleting request? What are the limitations regarding the time to respond to a request?
    3. Do emails containing personal data need to be encrypted?
    4. If I want to make a complanit because my data is being used abusively where do I need to go?
Page 34 of 97 pages