EU GDPR - Expert Advice Community

Health information

1. Do we need to get the consent before?
2. Are we allowed to keep copies of their ID cards?
3. Are there any security requirements on how to protect health data?
4. We are sending some health data but only non aggregated/statistical data to some of our producers that are outside the EU are there any specific thing we need to do?

IT staff and DPO availability

If the core IT staff or DPO are not available due to being on holiday, do you think its best to go with a 3rd party (although they could lack specific knowledge of the systems) to fill the gaps or just deal with it inhouse?

Standard contractual clause and Data processing agreement difference

Can you please tell me if there’s a difference between a “standard contractual clause” and a “data processing agreement” under the GDPR?

EU GDPR applicability

1. Is the GDPR applicable only to companies or private persons as well?
2. Where do I need to publish my privacy policy?
3. Do I need to have an inventory of activities that I do?
4. Can I use GPS to monitor my sales agents?
5. Do I need the consent from my sales agents?

BCR, DPO and judicial data

1. Can you please explain a bit if having BCRs in place we will be compliant with the GDPR?
2. Are any specific requirements on how to process data about the health of our contractors?
3. How about judicial data? We are required to ask for the criminal record of the crew before hiring them.
4. Do we need to have a data protection officer?
5. Do we need to register as processing health and judicial data?

Processing biometric data

I am working on a Facial Recognition based Loyalty Program in food and retail outlets.

I have a very tight budget and I would very much not like to get sued by people when I capture their biometric data!

Therefore, I would like to get some advise on how to formulate a good GDPR compliant 'terms and conditions page' for a new user when he/ she registers to use my product for the first time.

All policies in place

Data transfer and data access

May I please ask you whether data transfer and data access are the same things due to GDPR?

Implementing a newsletter delivery system

Good morning. I need your help. For some days I have been a marketing manager for an industrial hardware store and I would like to implement a newsletter and non-newsletter delivery system.

This company has never invited promotional emails to customers and has never had a software dedicated to sending emails, however, it has a series of customer contacts acquired over the years. These customers have not yet been sent the famous email to be sent by May 25, containing the information on the GDPR, so I would like to do it. I wanted to understand:
 

1. What should I enter as text in this mail? Is the transcription of our privacy policy updated according to the new legislation ok? (but there is a problem: it is very long …)

2. Do I have to insert a button in th e email to click if the user wants to keep in touch with us?

3. What should I do with users who do not confirm? Delete them from the database?

Questions on EU GDPR

1. Are there any limitations to the applicability of the GDPR?

2. Do all companies need to register to the data protection authority?

3. What are the security requirements for personal data?

4. Are there any company certifications available for compliance with the GDPR?