If we have an EU client who is the Controller of data (let's assume client data about previous purchases for a retail/ecommerce store) and we must become a Processor of this data, when are we considered a Controller of the data? I'm assuming that we technically could not be the Controller since we do not have the relationship with the client directly, but I'm a little unsure of the exact nature of that relationship.
Direct marketing to US companies under GDPR
I work for a California-based company with new operations opening up in the EU. I am interested to know if we are still able to send cold emails to purchased lists of business people with specific job titles in geographic regions where incentives are available for our product even with the new GDPR regulations.
Assessing the severity of personal data breach
1. Is there a recommendation or standard when it comes to the severity of a breach of records based on quantity of records breached? For example: Does the breach of sensitive data which can cause a high degree of risk of a single data subject carry the same weight as one hundred or thousands of data subjects?
Deletion request
If the data controller has the obligation to erase the information about the data subject upon request, how does my company keep the records, statistics and archives?
Certification of the EU GDPR consultant
Must the consultant who is giving consultation on GDPR be certified from somewhere?
EU GDPR representative
Asia / Malaysia. We have EU data in our and our customers' environments. Since this GDPR originates from the EU, who will enforce it anyway? DPA / Supervisory Authority / Lead Authority? But we do NOT have that in our country.
B2B Sales
I simply have a question about the communication between sales account managers and every customer in their account base. As their account manager, do they have the authority to communicate with their account base about whatever business-related information they need, including asking them to opt in to the company's marketing emails?
International data transfers
I work for an institution which has spread out in xyz countries. We collect personal information of participants/individuals who register for our course with regards to yoga and mediation. As we are spread out in various countries, we have to transfer personal data, as participants can enroll for courses once they are a member of the institution in any country. So we wish to keep a record of where each individual has taken courses, and based on a points system they can avail discounts for other courses.
Since data would be transferred from one country to another, how do we safeguard personal information and not be at fault with any data protection laws worldwide?
Personal Data Protection Policy template
I just bought the template Personal Data Protection Policy. Your web page states that this is optimized for small and medium-sized companies, but I saw a lot of references to job titles that are confusing me. There are references to: Data Protection Officer, IT security officer, Head of legal department, IT manager, Marketing manager, Human resources manager, Procurement manager, … I think this is the structure of a large company, not a small one.
Access to psychometric tests
I am a psychologist and I wonder what happens when a client requests access to their file which includes completed psychometric tests? Can the client be given a copy of the completed test? Various ethical codes prohibit client access to the tests themselves (although they can have a copy of the produced report), with the aim of maintaining test reliability and also respecting the test's copyrights. I was wondering if GDPR covers this.