EU GDPR - Expert Advice Community

  • What makes a GDPR process unique?

    I have many processes, they all process the same data, but each process shares the data with a different organisation. Does this make each process unique and needs to be documented separately?
  • Data protection and leaseholders

    I write on behalf of some leaseholders of a council estate (CE). The CE wants to charge leaseholders to refurbish the communal heating system. We want to establish a leaseholders’ association to represent our interests. So we need to invite leaseholders to join it. But the CE says they can’t give us a list of leaseholders because of “data protection.” Does the GDPR really stop CE from giving us the data?
  • Criminal background check

    My employer has recently conducted a criminal background check on me and they found a court decision from several years ago. They sent this court decision to their head office (the founder of our company) abroad. I wonder if they breached my rights regarding personal data?
  • Data processor's contractual obligations

    Is it permitted for a data processor to make a separate contract with their data controller's data subjects?
  • Car license plate number

    Is a car license plate number considered personal information and is it under GDPR?
  • Cross-border data transfers

    My company uses a lot of cloud applications. Disregarding the actual data held in the apps, on behalf of our employees we provide their PII data by registering them as users of these applications. This registration PII data is frequently held in the USA. Is that a cross-border data transfer?
  • GDPR compliance

    We are ISO27001 certified and I am looking at BS:10012:2017 to further our compliance with GDPR. I understand the 2017 version aligns itself with GDPR and may be seen as a "certificate of GDPR compliance". If I understand it correctly, a successful audit for BS:10012 means that it can be appended to the 27001 certificate indicating we are securing personal data. Personal data for our company is the customer data we collect on behalf of clients and our own employee data. We are both a data processor and a data controller. The alternative is ISO 270018, for protecting data in the cloud. And we are a cloud based company. I am leaning towards 10012 as the next step and would appreciate your view.
  • The classification of data

    In our website server, we have customers' personal data. IT is only responsible for the security of the OS. The website developer is responsible for the development of the website application. It needs to access and back up the database of the entire customer information. It can also view all transaction information and customer information, because sometimes it is necessary to view and test bugs. Sales can view customer information and order information through the backstage of the website. For such information assets, should it be assigned to IT, Sales or developer? Or how to divide such interactive information assets from the perspective of asset classification?
  • Controller or processor?

    We are a big company that processes employees' personal data. One of the benefits for our employees is health services and insurance. Is a healthcare company that provides that kind of service for us a controller or a processor for employees' personal data?
  • Article 9 GDPR (Special Category Personal Data)

    With regard to Article 9 and Special Categories, my question is: do I obtain consent from the Data Subject to process their Special Category data when they voluntarily submit their Special Category data into a chatbot/social media platform etc., or would the chatbot have to explicitly provide for an opt-in form of consent BEFORE any data is entered into the chatbot?