Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Joint responsibility
I would like to have known whether it is possible that jointly responsible persons can assert a legitimate interest as a legal basis?
Example: 4 independent organizations/companies want to share their customer and supplier data because they partially overlap. If one of the four companies wants to create a new customer, they should first be able to search in a joint program to determine whether it already exists so that they do not have to create it again. Each of these four companies can view this customer record and change it if necessary.
Can I assert a legitimate interest here and say that it makes work easier for the four companies and also means data minimization?
Thank you in advance for your help! -
Accepting cookies with banners
Hi, I would like to know in which cases it is mandatory to use a banner that allows visitors to my site to choose the type of cookies to accept (necessary, marketing and statistical)?
In which cases instead of the classic banner where "continue browsing" is sufficiently interpreted as consent to all cookies?
-
EU GDPR questions
I am new to the GDPR field and I would ask for your help understanding better. How can an authority in the EU fine a company in India or another country outside the EU? Do you have some materials to help me understand how to start a GDPR program? Do you have some materials that I could present to the management of the company to make them aware of the GDPR? If we have access to data of EU users do we need to do anything special? We usually get data from EU companies and we do data cleaning removing duplicates. We also receive some personal data from our clients' employees when they enter tickets. Is there something specific to consider? How much time do we need to keep the personal data? Are some specific security measures to be deployed? Can you recommend a site to get GDPR updates? Also, we received a request from a client to present out Records of Processing Activities. What are these? Do we need to have them? -
Privacy notice or privacy policy
Does EU GDPR mandate a company to maintain both privacy notice and internal-facing privacy policy?
-
Privacy notice & data retention
Please help me with the following:
1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?
2. In the Data Retention Policy - are the retention periods defined within this document?
3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?
4. What is the maximum amount of time to respond to data subject requests?
-
EU GDPR - DPO, DPIA & other questions
I was wondering if you could help me with some GDPR related questions:
1. How does an organization establish if it needs a DPO or no?
2. Does the DPO need to be an employee or it can be outsourced as well?
3. What would be the position of the DPO in the company organizational chart?
4. What would be the job description applicable to the DPO?
5. Is there any easy way to establish the duration of a GDPR compliance project?
6. What is the difference between a DPIA and a PIA?
7. When one needs to perform a DPIA?
8. Are there any specific requirements in terms of encryption?
-
Data Privacy Notice & Inventory of Processing Activates
Please help me with the following:
1. Do we need a special privacy notice for all kinds of contact sources (website, email, etc..) or is one enough?
2. In the Data Retention Policy - are the retention periods defined within this document?
3. In the Inventory of Processing Activities - are there some examples of those processing activities given, or is this maybe covered with the email support - for example, if we ask the expert to give advice for that?
4. What is the maximum amount of time to respond to data subject requests?
-
Personal data definition
I did have a question about GDPR and was wondering if there is merit in it.
By definition, you have clarified personal data as information related to an identifiable or identified natural person. My question is whether the same GDPR rules would apply to derived or interpreted personal data for a data subject? I don't know if this is a correct example, but let us say the sharing of an EMI value of a data subject. -
A few EU GDPR questions before implementation
Dear experts
There are some issues regarding GDPR that I would appreciate your help with.
1. Does every company need to have an Inventory of processing activities?
2. How about a DPO?
3. How does the GDPR apply to companies outside Europe?
4. What is the biggest fine so far?
5. Which would be the best way to present to the management the need to implement GDPR?
6. How much time would it take a small company?
Thanks
-
DPIA, consent and other EU GDPR questions
1.What documents in the EU GDPR Premium Documentation Toolkit toolkit are mandatory?
2.Usually how many DPIA does a medium size company need to perform?
3.Can an employer ask consent from employees for sending their data outside the EU ?
4.Is ISO27001 enough in terms of security measures?
5.When does a company outside EU need to appoint a representative?
6.Is it a specific formality?