Do you need permission or a separate legal ground to have a processor instead of processing data ourselves? (We hire subcontractors for separate functions related to our data processing activities.) Can a data subject object to such processing by a data processor, saying he did not give his permission for passing his data to the data processor?
Do US companies need to comply with EU GDPR?
If I have a US company that has employees in the EU and Russia and they work remotely, do I need to be GDPR compliant?
Joint Data Controllers
In cases of recruitment companies working on behalf of their clients, are the recruitment company and the parent company joint data controllers?
Data Protection Officer
When do you need a DPO?
Retention Period under GDPR
Do you have a suggestion re how to best determine 'retention' periods? Guidelines seem vague, and the regulator locally is very non-committal, saying 'you must decide yourself'.
The scope of DPO's tasks
Art. 35(2) GDPR says explicitly: "The controller shall seek the advice of the data protection officer, where designated, when carrying out a data protection impact assessment." The DPO is involved as an advisor in the execution of the DPIA, but it is not the DPO who executes the DPIA. This needs to be done by the business itself, as they are the ones who best understand their own project. Cooperation between the business and the DPO is necessary, but it is definitely wrong and contradictory to the wording of the GDPR for a DPO to be designated as responsible for executing a DPIA. This remains the responsibility of the data controller!
DPIA: evaluation of possible risks
The DPIA: the evaluation of possible risks. Most often during the workshops, risks come with the assumption that something might happen. If we take into account all the assumptions, there will be no end to possible risks. Is there a good approach on how to define the risks? What questions can one ask? And how do you justify that a given risk is MEDIUM, HIGH or LOW?
EU GDPR and governmental benefit industries
How do you think the GDPR applies to private or governmental benefits industries, such as pension or health care plans, which only market their services to their own employees?
What makes a GDPR process unique?
I have many processes; they all process the same data, but each process shares the data with a different organisation. Does this make each process unique, and does each need to be documented separately?
Data protection and leaseholders
I write on behalf of some leaseholders of a council estate (CE). The CE wants to charge leaseholders to refurbish the communal heating system. We want to establish a leaseholders’ association to represent our interests. So we need to invite leaseholders to join it. But the CE says they can’t give us a list of leaseholders because of “data protection.” Does the GDPR really stop CE from giving us the data?