EU GDPR - Expert Advice Community


  • Legal basis for processing personal data

    Which of the GDPR clauses should be applied in the processes of job applications, interviews (handling information in CVs and asking for reference- holding reference calling records) and after employment documenting employee information who will work in stores in the EU and outside of it? Is it also necessary to carry out ISO 27001 processes?
  • Data transfer outside of the EU

    We're a digital-currency exchange start-up. Currently, we're working on developing the user onboarding process, as part of which we ask users to upload proof of identity and other documents. The document storage solution is provided by an external tech company. They do not process the files, but simply provide storage on their servers, which are located in the EU. However, the service provider is incorporated in the USA. My main question is, does this equate to a restricted transfer under GDPR? We're also in need of ongoing advice on an ad-hoc basis with regard to meeting GDPR compliance.
  • EU GDPR controller vs. processor

    If we have an EU client who is the Controller of data (let's assume client data about previous purchases for a retail/ecommerce store) and we must become a Processor of this data, when are we considered a Controller of the data? I'm assuming that we technically could not be the Controller since we do not have the relationship with the client directly, but I'm a little unsure of the exact nature of that relationship.
  • Direct marketing to US companies under GDPR

    I work for a California-based company with new operations opening up in the EU. I am interested to know if we are still able to send cold emails to purchased lists of business people with specific job titles in geographic regions where incentives are available for our product even with the new GDPR regulations.
  • Assessing the severity of personal data breach

    1. Is there a recommendation or standard when it comes to the severity of a breach of records based on quantity of records breached? For example: Does the breach of sensitive data which can cause a high degree of risk of a single data subject carry the same weight as one hundred or thousands of data subjects?
  • Deletion request

    If the data controller has the obligation to erase the information about the data subject upon request, how does my company keep the record, statistics and archives?
  • Certification of the EU GDPR consultant

    Must the consultant who is giving consultation on GDPR be certified from somewhere?
  • EU GDPR representative

    Asia / Malaysia. We have EU data in our and customers' environment. Since this GDPR originates from EU, hence - who will enforce it anyway? DPA / Supervisory Authority / Lead Authority? - but we do NOT have that in our country.
  • B2B Sales

    I simply have a question about the communication between sales account managers and every customer in their account base. As their account manager, do they have the authority to communicate with their account base about whatever business-related information they need, including asking them to opt in to the company's marketing emails?
  • International data transfers

    I work for an institution which has spread out in xyz countries. We collect personal information of participants/individuals who register for our course with regard to yoga and mediation. As we are spread out in various countries, we have to transfer personal data, as participants can enroll for courses once they are a member of the institution in any country. So we wish to keep a record of where each individual has taken courses, and based on a points system they can avail discounts for other courses. Since data would be transferred from one country to another, how do we safeguard personal information and not be at fault with any data protection laws worldwide?