Please select user.Assign
There are no topics yet.
I am trying to find out if EU Directive 95/46/EC still exists or if it has been formally replaced by GDPR.
1. Why are data quality and data protection important in the organization?
2. When considering information data management as a business resource that needs to be governed. What should this governance ensure?
3. Using data from your data lake what do you need to consider related to GDPR?
I am looking to do a questionnaire and from that ask people for their email address for further contact if they're happy with that. I would not use their email address for anything else other than the purposes set in my questionnaire. Under GDPR ruling, is this allowed?
In the process of the implementation of the Cross Border Personal Data Transfer Procedure, please clarify if the section below is still actual according to the GDPR and repealing Directive 95/46/EC.
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
In "Module 13: Sustaining and improving compliance", in the "Keep Looking Forward" video, the lecturer says that:
the e-Privacy regulation is in the drafting stage and will soon set rules for privacy and security in the context of electronic communications.
My question is, has the e-Privacy already come into effect? and where can I find out more information about it?
1. I have been in dispute with a care company over an invoice dating from late 2018. Basically the company was trying to charge my mother, who suffers from *** for appointments where they didn't turn up or left early to get to other appointments. I asked for some information under the "Freedom of Information Act 2000" several months back which the care company did not supply. Recently a Debt Recovery company contacted me reference the unpaid invoice. We have been in communication for a several weeks now. This week I received an email from the Debt Recovery company attached to the email was some of the information that I had requested from the care company. The attachments were a copy of my mothers contract with the care company, a copy of her Individual Care and Support Agreement and a copy of my Power of Attorney for my mothers finances.
Are the care company in breach of GDPR for sharing this information with a third party i.e. the Debt Recovery company?
2. What can I do about this breach of confidentiality?
3. Can I take the Care Company to court over this matter? As I am really not happy with them over this!
It's regarding Module 8: Data transfers and managing third parties in the DPO course
The lecturer explains that there are certain countries that need binding corporate rules between companies transferring to each other who are operating under the same parent company. He explains that there are countries identified as having an adequate level of data protection (i.e the EU member states) and then explains that certain countries were not yet recognized have adequate protection such as the United States was not recognized as having an adequate level of data protection. Is this list of countries still up to date? Are entities in these countries still required to form binding corporate rules?
I had a question about document 07.7 - Data Subject Disclosure Form
Is this form what we send back to the requester when we have completed our research into their request, or is this form for internal company information gathering?
I am unable to determine whether Limited companies are included in the restrictions or excluded. Also, are email addresses with a person's name and the company domain deemed to be personal of for company/business purposes
I do have a question as part of our toolkit plan.
We have finished the risk assessment and treatment plan based on the 27001 approaches, which is asset-based.
In the webinar "How to integrate GDPR with ISO 27001" it was mentioned that recommended is combined "Risk Assessment" for 27001 and GDPR.
My question is in case you have template methodology that combines both approaches?
How do we need to augment current 27001 methodologies & template to be GDPR compliant?
Our current risk register includes assets of type "Processes/Services", which map with processing activities.
To confirm I am not speaking about DPIA, which is unique to GDPR.
Is there anything specific in GDPR that would require to extend methodology that is included in your 27001 templates?