EU GDPR - Expert Advice Community


  • Split between EU GDPR and UK GDPR

    I am considering purchasing a pack but given the split with EU GDPR and UK GDPR, I am questioning it. I also understand that there is not a lot of change in the UK GDPR against the EU GDPR so could do slight amendments accordingly, e.g. reference to the UK GDPR legislation. What are your thoughts?
  • Change of GDPR document

    I need to update my original GDPR documents from 2018. Do you have a cheat list of the changes or amendments, please?
  • GDPR Questions

    1. Advisera docs Footer and Change record – do we have to keep the Advisera wording on all docs?
    2. Client data – How long can we keep data? 6 years +1 from collection date or when client has left then 6+1
    3. Confirm BtoB data is still governed the same way as BtoC – PII
    4. Back Ups on Tape Drives and SAR requests – where do we stand?
    5. If a client asks to see our policies can/should we hand them over? Incident log, do we have to show that if asked?
    6. Clarify medical data in ***, we don’t collect it, but customer could upload it, what are the implications for us as Processor?
  • GDPR Query

    We are onboarding a new third party vendor tool which will store our EU customer's data in AWS US. The vendor is refusing to sign the DPA and SCCs, with the justification that, as the contract value is very low, the vendor's legal team won't sign the document. What should we do in this scenario?
  • Data Protection Addendum and Standard contractual clauses

    Hi Everyone, I have the below queries when it comes to signing of DPA and SCCs: 1. In which scenarios do we sign a Data Protection Addendum (DPA) and standard contractual clauses (SCC) with the vendor? For example, there is a scenario where we will be sharing our European customer PII data with the vendor and the vendor will be storing that data in a non-EU region. In this case, we sign DPA and SCC with the vendor. What are the other scenarios where we sign DPA and SCCs with vendors?
  • GDPR compliance for B2B software applications

    Do you have any info for GDPR compliance for B2B software applications (where I think we are the processors and our clients are the controllers)? Most of what I find online is focused on compliance for marketing emails.
  • Internal audit of management systems and GDPR

    I have an inquiry regarding the conduct of reporting internal management systems and the GDPR. In our internal audit reports of our management system, we include the names and position of the audit participants. Will this pose a breach in the GDPR? Also, part of the report, as an attachment, is the attendance list containing the names and positions. Is this also a breach as per GDPR?
  • Questions about CCTV in GDPR

    1. Is it correct if I mention in DPIA two data collection reasons for the CCTV: facility intrusion detection and labor discipline?
    2. What should the size of the CCTV sign inside the office and outside the premises be?
    3. There is CCTV in the office with no automated processing. Sometimes there are kids visiting the office. Do I need to mention the kids' data in recordings?
  • Data Subject Access Request

    We have had a Subject Access Request from an ex-employee. I would like to know what data exactly I need to send and what I need to redact from the data that we send out. The user has only been with us for a few months, so mainly Teams messages and emails. There will be other usernames and client names in the mix; do we need to redact them all? I have the data from ***, but need to run through it now and send out by the end of the month.
  • GDPR applicability

    Hey,

    So if we are a non-EU based organization and offer products/services (not SaaS) to a few EU based companies (not all customers in EU), would GDPR apply to us?

    Especially if we maintain EU-customer information like email, address and phone number?
