EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • General privacy policy/notice vs. entity-specific policy/notice

    For a company that has subsidiaries with different processing, is it ideal for them to have a general privacy policy or notice or entity-specific ones?

  • GDPR intermediary

    Hello. I have a question about Calendly type tools. These tools are intermediary software to make it possible to schedule an hour/a consultation of a client with a professional). The client reserves an hour through calendly leaving their name, email and other data. Calendly sends this data to the professional, but logically, it also saves it for its own reservation management. In this case, should calendly request express authorization from the client to store this data in its databases? Or should the professional be in charge of putting the fact that they share the data with calendly in their privacy policy?
  • Laboratory space

    Hello, I have a quick question about video surveillance in the workplace. My employer has installed 2 cameras on the area mentioned. No information was given to the employees in advance. When I asked, I got the following answer: "The video material is not recorded and access is password protected and is only intended to support the fire brigade in the event of a fire alarm" Is that enough justification? I would be very happy about a short feedback.
  • Doubts about ODPR or GDPR

    Would you like to know if the company has the right to have a list with all the passwords of the employees to access their computers? If somewhere in the LOPD or the RGPD, it is indicated that the Data Protection Delegate must have said list to be able to access the equipment in the case of not being an employee. What I comment below is my thought but not knowing all the obligations of the LOPD or the RGPD I am the IT manager of the company and it is the first time that I come across this indication in my entire professional career. Knowing computer systems, I think that this goes against any computer security scheme and protocol, so it seems strange to me that this is the case. I also find it strange because of the following: A multinational like Repsol, if the users have to change the password every 6 months. That you have to communicate your password to the data protection officer…. If all the companies had to have that list, as I have been told, I don't think I know if there would be any company that complied with the LOP or the RGPD
  • Split between EU GDPR and UK GDPR

    "I am considering purchasing a pack but given the split with EU GDPR and UK GDPR, I am questioning it.  I also understand that there is not a lot of change in the UK GDPR against the EU GDPR so could do slight amendments accordingly eg reference to the UK GDPR legislation, what are you thoughts?
  • Change of GDPR document

    I need to update my original GDPR documents from 2018. Do you have a  cheat list of the changes or amendments please
  • GDPR Questions

    1. Advisera docs Footer and Change record – do we have to keep the Advisera wording on all docs?
    2. Client data – How long can we keep data? 6 years +1 from collection date or when client has left then 6+1
    3. Confirm BtoB data is still governed the same way as BtoC – PII
    4. Back Ups on Tape Drives and SAR requests – where do we stand?
    5. If a client asks to see our policies can\should we hand them over? Incident log, do we have to show that if asked?
    6. Clarify medical data in ***, we don’t collect it, but customer could upload it, what are the implications for us as Processor?
  • GDPR Query

    We are onboarding a new third party vendor tool which will store our EU customer's data in AWS US. The Vendor is refusing to sign DPA and SCCs with justification as the contract value is very less vendor's legal team won't sign the document. What should we do in this scenario?
  • Data Protection Addendum and Standard contractual clauses

    Hi Everyone, I have the below queries when it comes to signing of DPA and SCCs 1. In which scenarios do we sign a Data protection addendum(DPA) and standard contractual clauses(SCC) with the vendor? For e.g. there is a scenario where we will be sharing our European customer PII data with the vendor and the vendor will be storing that data in a non-EU region. In this case, we sign DPA and SCC with the vendor. What are the other scenarios where we sign DPA and SCCs with vendors?  
  • GDPR compliance for B2B software applications

    Do you have any info for GDPR compliance for B2B software applications (where I think we are the processors and our clients are the controllers)? Most of what I find online is focused on compliance for marketing emails
Page 4 of 96 pages