SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4148
Discussions
Expert

Carlos Pereira da Cruz

1916
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Certification ISO 14001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • GDPR applicability

    Is GDPR applicable on companies that operates outside Europe for example KSA but the company might server European citizens resides there

  • Data Processing Questions

    Firstly, do you offer a European Representative service? If yes, can you send me details of that please?

    Secondly, I would like to clarify what is required on a Data Processor’s ‘Record of processing Activities’ form? I've been told by a few sources now that I have to include every client we provide processing services to, with Company Name, contact name, contact email and phone No… is this correct? We have thousands of customers!

    If I must do that, then so be it, I will do it, I would just like to confidently confirm this is what I must do.

  • Email Marketing GDPR

    I am looking for B2B partners and was wondering if it is permissible to email them.

  • GDPR Scope and applicability

    We are a US based very small company (4-5 employees) and provide software for collecting data related to plant performance to plants based in US and EU both. 

    Now the only personal data we have in our cloud (365 office and outlook) are email id's and names of the employees of EU based plant workers. In some cases we have access to their offical phone numbers. 

    So yes we have what can categorize as personal data. But due to the limited customer information that we have would GDPR still apply to us ? and in this case would be act as a processor or controller of PI ? 

     

  • General privacy policy/notice vs. entity-specific policy/notice

    For a company that has subsidiaries with different processing, is it ideal for them to have a general privacy policy or notice or entity-specific ones?

  • GDPR intermediary

    Hello. I have a question about Calendly type tools. These tools are intermediary software to make it possible to schedule an hour/a consultation of a client with a professional). The client reserves an hour through calendly leaving their name, email and other data. Calendly sends this data to the professional, but logically, it also saves it for its own reservation management. In this case, should calendly request express authorization from the client to store this data in its databases? Or should the professional be in charge of putting the fact that they share the data with calendly in their privacy policy?

  • Laboratory space

    Hello, I have a quick question about video surveillance in the workplace. My employer has installed 2 cameras on the area mentioned. No information was given to the employees in advance. When I asked, I got the following answer: "The video material is not recorded and access is password protected and is only intended to support the fire brigade in the event of a fire alarm" Is that enough justification? I would be very happy about a short feedback.

  • Doubts about ODPR or GDPR

    Would you like to know if the company has the right to have a list with all the passwords of the employees to access their computers? If somewhere in the LOPD or the RGPD, it is indicated that the Data Protection Delegate must have said list to be able to access the equipment in the case of not being an employee. What I comment below is my thought but not knowing all the obligations of the LOPD or the RGPD I am the IT manager of the company and it is the first time that I come across this indication in my entire professional career. Knowing computer systems, I think that this goes against any computer security scheme and protocol, so it seems strange to me that this is the case. I also find it strange because of the following: A multinational like Repsol, if the users have to change the password every 6 months. That you have to communicate your password to the data protection officer…. If all the companies had to have that list, as I have been told, I don't think I know if there would be any company that complied with the LOP or the RGPD

  • Split between EU GDPR and UK GDPR

    "I am considering purchasing a pack but given the split with EU GDPR and UK GDPR, I am questioning it.  I also understand that there is not a lot of change in the UK GDPR against the EU GDPR so could do slight amendments accordingly eg reference to the UK GDPR legislation, what are you thoughts?

  • Change of GDPR document

    I need to update my original GDPR documents from 2018. Do you have a  cheat list of the changes or amendments please
Page 4 of 97 pages