My employer has recently conducted a criminal background check on me and they found a court decision from several years ago. They sent this court decision to their head office (the founder of our company) abroad. I wonder if they breached my rights regarding personal data?
Data processor's contractual obligations
Is it permitted for a data processor to make a separate contract with their data controller's data subjects?
Car license plate number
Is a car license plate number considered personal information and is it under GDPR?
Cross-border data transfers
My company uses a lot of cloud applications. Disregarding the actual data held in the apps, we provide our employees' PII on their behalf by registering them as users of these applications. This registration PII data is frequently held in the USA. Is that a cross-border data transfer?
GDPR compliance
We are ISO 27001 certified and I am looking at BS 10012:2017 to further our compliance with GDPR. I understand the 2017 version aligns itself with GDPR and may be seen as a "certificate of GDPR compliance". If I understand it correctly, a successful audit for BS 10012 means that it can be appended to the 27001 certificate, indicating we are securing personal data. Personal data for our company is the customer data we collect on behalf of clients and our own employee data. We are both a data processor and a data controller. The alternative is ISO 27018, for protecting data in the cloud, and we are a cloud-based company. I am leaning towards 10012 as the next step and would appreciate your view.
The classification of data
On our website server, we hold customers' personal data. IT is only responsible for the security of the OS. The website developer is responsible for the development of the website application. They need to access and back up the database of the entire customer information. They can also view all transaction information and customer information, because sometimes it is necessary to view and test bugs. Sales can view customer information and order information through the back office of the website. For such information assets, should ownership be assigned to IT, Sales or the developer? Or how should such shared information assets be divided from the perspective of asset classification?
Controller or processor?
We are a big company that processes employees' personal data. One of the benefits for our employees is health services and insurance. Is the healthcare company that provides that kind of service for us a controller or a processor for the employees' personal data?
Article 9 GDPR (Special Category Personal Data)
With regard to Article 9 and Special Categories, my question is: do I need to obtain consent from the Data Subject to process their Special Category data when they voluntarily submit it into a chatbot/social media platform etc., or would the chatbot have to explicitly provide an opt-in form of consent BEFORE any data is entered into the chatbot?
Legal basis for processing personal data
Which of the GDPR clauses should be applied in the processes of job applications, interviews (handling information in CVs, asking for references and holding records of reference calls) and, after employment, documenting information on employees who will work in stores in the EU and outside of it? Is it also necessary to carry out ISO 27001 processes?
Data transfer outside of the EU
We're a digital-currency exchange start-up. Currently, we're developing the user onboarding process, as part of which we ask users to upload proof of identity and other documents. The document storage solution is provided by an external tech company. They do not process the files, but simply provide storage on their servers, which are located in the EU. However, the service provider is incorporated in the USA. My main question is: does this equate to a restricted transfer under GDPR? We're also in need of ongoing advice on an ad-hoc basis with regard to meeting GDPR compliance.