Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • GDPR compliance and data protection

    I have some questions that you may be able to help with.

    1. There is some suppliers like couriers that want to sign DPAs with us. Is this ok? Are couriers processors?
    2. Also since we want to start from January to work on our implementation how much time do you think we need? How about resources?
    3. Being a shipping company do we need to register?
    4. When we provide the notices to the crew members we are recruiting do they need to sign it?
    5. Are we allowed to keep the CVs for possible future arrangements?
    6. And if yes is there a time limit?

  • GDPR and impact assessment on data protection

    So we have this software where people make recommendation for friends to buy goods, and in the process of buying with credit card's etc customer information is disclosed. how can we make sure people don't use those info; to hack or etc other customers? In summary: like how do we protect customer data when a project went live.?

  • Data subject & DSAR

    1. Is having the data subject respond to an e-mail address on file with the Controller considered acceptable? 
    2. Has there been any further guidance as to the recommended methods to prove the identity of the data subject who is submitting a DSAR?  

  • EU GDPR Policies and procedures

    In relation to GDPR Policies and procedures, it is mandatory that you have to send to other companies who request it?

  • Data gathering for kindergartens and schools parties

    Dear sirs,

    I have a small seasonal business as organizing Santa Claus parties to kindergartens and schools. Thus, I get lists of personal data of the children (name, surname and age) to be able to personalize the gifts. Also I get personal data of the teachers for the same purposes.

    I would appreciate your help with the following:

    1. Are there any specific things that I need to include in the contract?

    2. According to the GDPR what is my company a controller or a processor?

    3. Do I need to register somewhere if I process personal data?

    4. Are there any specific requirements for handling data of children?

    5. During the events sometimes my crew takes pictures and posts it on social media. Are there any restrictions?

    6. How much time do I need to keep the lists whit the children`s names and age?

    Thank you
     

  • Data subjects’ consent in a mobile app

    I have a question on obtaining data subjects’ consent under GDPR in a mobile app (Android/iOS). The mobile app content is food and recipes:

    We want to activate this mobile app in some countries in pure English language, so the mobile app and the content is NOT translated to local language. Privacy Notice we provide, is indeed translated to local languages.

    But the screens in the app, where we want to ask the users of the mobile app for his consent, are in English.

    We have checked a huge number of other food/recipes apps in the app-stores, but haven’t found any app, where full app is in English, but consent screens are in local language.
    Also we see that as confusing, when an app is switching the language in the user experience of the app.

    The question is now, is there any rule, or is it mandatory from GDPR point of view, that the screen obtaining data subjects’ consent has to be also translated into local language ?

  • FOI legislation

    I've been looking at your materials with interest and have enjoyed your free training. 

    What I'd be interested to know is how your clients in the public sectors subject to FOI legislation handle your IPR. 

    Public authorities are subject to FOI and that could entail what policies and procedures they have in place. 

    Obviously, commercial interests, copyright laws, and confidentiality law can apply but often this is very limited in relation to the requirements for transparency.

    I'd be interested to hear your thoughts on this.

  • GDPR and local legislation

    Can you plese hep me out with some answers:

    Do state authorities have to comply with GDPR? Are there any restrictions?
    How does the GDPR compare to the national laws?
    Which will prevail in a conflict between GDPR and national laws?
    Does an IP constitutes persoanl data?
    Can you please provide an example on what automated decision making means?

    thank you

  • Ignoring EU GDPR principles

    Can ignore all gdpr principle and go straight to article 13 (5)?

  • GDPR and surveillance at the workplace

    Hi,
    surveillance at the workplace is generally allowed, and is also handled in GDPR, however there are now some additional restrictions, like the additional transparency rules. I wanted to ask the following:
    - does the data controller have to register surveillance data, or at least the surveillance data of incidents?
    - do the affected employees have the right to access this surveillance data?
    - does the employer have to inform the employees about all possible surveillance practices it does (or can) carry out? How would that happen normally?
    - in which cases is invasive surveillance (or longer term more or less permanent) surveillance allowed? Does the employer have to disclose such cases? Or keep a register of them?
    - if invasive surveillance is proven, which information can the employee request from the data controller (beginning, end, time period, people involved, decision makers involved, whom it was forwarded to, which kinds of surveillance techniques were employed [electronic, video, audio...], etc.)?
    Thank you
Page 35 of 97 pages