EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation

    I have been through the forwarded material around GDPR compliance and I have the following questions:

    1. International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation
    How do we secure compliance? Is it by fill in and sign the Cross Boarder document or do we need another agreement?

    2. When we have “employed” sellers and consultants with their own companies which invoices their “salary” to Digizuite, do we then need specific Data processing agreements with each of them?

    3. I can’t find a Data Processor agreement in your material. Why isn’t it part of the toolkit?

  • Third Party Compliance

    I have a question in regards to the document in section 8, Third Party Compliance. Supplier Data Processing Agreement.  We use a third party like Google Analytics, does it fall under this category?

  • Changes to EU GDPR policies regarding e-privacy

    Hi, I need to know whether there have been any changes to the EU GDPR policies recently in relation to e-privacy. Can you advise?

  • Are Data Protection Laws extra territorial?

    1. Are Data Protection Laws extra territorial?

    2. Do Data Protection Regulators in various countries communicate with each other?

  • Cookies after blocking them

    I have a website ***.

    I made a proper (as I think) Privacy and Cookie Policy, as well as Terms of Use. Also, there is a Cookie contest, which is visible to all the users and allows them to block the cookies.

    An open-source service "cookie bot" says the website is GPRS compliant. But I still see some cookies in my browser and am afraid that my users will be not satisfied with this.

    How can I fix it?

  • Which tool to use for unstructured data?

    I came to know that in the email body if there is some personal data like address then it is called unstructured data. Kindly guide me a tool for GDPR purpose so that I can use to learn and implement GDPR.

  • Default legal position around data transfers under German Laws

    I am trying to find the default legal position around data transfers under the German Laws. In the UK, if a contract says that parties shall comply with the position of the DPA. It means that parties can transfer data amongst its affiliates if the parties have one of the EU  the approved transfer mechanisms in place. Therefore I want to determine what German law enables/ permits this. Is it something you can assist with?


  • Sensitive data requested for refund processing

    A company owes me a refund and in order for this to happen they are requesting the following:

    "send a copy of the front of your debit card plus either a copy of your passport, driving license or Utility bill dated within the last 3 months.

    Unfortunately our accounts team are unable to process the refund without these."

    I am not happy providing any of this and do not think this is needed for a refund. Can you please advise?

  • Need of keeping data beyond each specific project

    We are very small. We do not keep data beyond each specific project. Do we need to do this?

  • ISO standard and GDPR

    1. How can ISO27701 (Privacy Information Management System) help comply with GDPR?

    2. What are the similarities and differences in both of them?


Page 4 of 75 pages