Information on EU GDPR
I am running a small business in Ukraine setting up websites for Eastern European countries. I want to know some information on how GDPR affects me.
- Since I am outside the EU what do I need to do?
- Do I need to find storage in the EU or can I store data in Ukraine?
- Do I need to set up a company in the EU?
- Do I need to encrypt my servers?
- How should I modify the contracts that I have with customers in the EU?
- Am I allowed to send marketing emails to my customers?
Can you tell me if it is mandatory to create a DPIA Policy or not?
Banks and data processing agreement
Since banks already have a legal duty to protect the confidentiality of their customers, can our organisation request the banks to sign a data processing agreement for processing the salaries of our employees?
I own a small software company and I would like to ask some clarifications regarding the applicability of the GDPR.
- As a software company, do we need to comply with the provisions of Art. 30 of the GDPR?
- Do we need to perform DPIA for all the processing activities? Are there any criteria to be considered?
- How do we manage marketing communications? Are we required to obtain consent?
- Are there any specific requirements for software development?
- How about websites? Any advice on how to make a website compliant?
EU GDPR Inventories
We are a small company and we have just now started working on our compliance program.
- Can you please suggest what would be the best way to start with that?
- What information do we need to include in our Inventory?
- How much time do you think it will take to implement the basics?
- Is there a list of documents which are mandatory?
- Do you think we need to have a DPO?
Questions regarding EU GDPR
Can you help me with the following questions regarding GDPR:
- If I have multiple subsidiaries in more than one EU country, do I need to appoint a Lead Supervisory Authority?
- Do I need to register in all EU countries where the subsidiaries are located?
- Can I appoint just one DPO for all of the subsidiaries or would I need one in each country?
- Based on your experience, how much time and resources are needed to become compliant with the GDPR?
GDPR and security measures
Is it allowed, according to DSGVO, to send pay slips by mail internally in the company? Or do they have to be, e.g., encrypted with WinRAR?
We have an EEA-based person we recently extended a job offer to and who has asked for a copy of their background report – we obtain background reports from a company that processes information at our request.
What are the next steps for us?
What is the full process?
EU GDPR and Personal Data Processing
- Who is responsible for the personal data which is processed with a third company (like a booking or a paying system)?
- If the Company can access the data (by e-mail, online account, etc.) but doesn't hold that data?
Personal data processing and Privacy statement
- I have a question about the example they have described as ABC company and XYZ company. When the XYZ company is going to process my personal data for billing purposes, what rights do I have against XYZ company and how can I prevent it from using personal data? I feel if it is part of the contract then my consent is not required. If they have not mentioned XYZ company, then how can I limit ABC from processing my personal data?
- Can a privacy statement on the website carry sufficient and common information for all of its customers?