We are a company recruiting seafarers that we could use to supply a vessel that is required by our customers. We have a customer who's giving us information on what position we need to fill. In this case, there is a scenario where we share information of the seafarers with our customers and we don't know if they are also sharing that info outside their company for whatever purposes. Our question is, do we need a data processing agreement with our customers, or should we be treated as two independent controllers, or what agreement should we use?
Checking the EU citizenship on a website
A website that I have a user on is requesting my full name, physical address, and a government-issued ID to verify that I am an EU citizen just so they can adhere to my request of deleting the account that I haven't used for a long time and won't even use anymore. I was already sending the request from the email address that is associated with the user. Can they really ask for more personal info and an ID?
Outside the EU
I live in the U.S. I'm a very small affiliate marketer. I have no intention of targeting any citizen or subject of the EU in my marketing efforts. Do I need to worry about implementing GDPR? There is so much conflicting information.
GDPR and voice recording message
We are a SMP company with about xyz staff. We would like to record all phone conversations via our phone system. I just wanted to know what kind of message we will need to have when people call us so that we are able to record calls following the GDPR guidelines?
GDPR advice for a Surf Camp
We're a surf camp based in xyz, and due to our company being a registered EU company and the majority of our clients coming from the EU, we are affected by the GDPR laws. Before the law was enforced, we sent an email out to ask our current xyz person mailing list (majority of which are past guests) to opt in to our monthly newsletters. Xyz people opted in, which was a huge blow. We believe from some searching we have a loophole so that means that we can still email our mailing lists. However, we want to be sure before we do something wrong!
DPO requirement for online company who has 1 employee
Can I myself be a DPO for my own online multivendor marketplace? I am in progress of creating a membership-based online multivendor marketplace for digital products. The purpose of this business module is not to have employees and give the option to earn for others and I would be the only person working and operating the website. I would be keeping the customers'/members' data to a minimum, however, IP address and customer purchases are still necessary to keep for business analytics and accountancy purposes. My website is able to offer customers to remove/rectify their data by themselves independently as well as to contact the DPO (which would be me). I see myself as the most suitable person to do the task as I am the one who created the site, will be doing the future development of the site, a provider of security applications/doing the weekly scanning and backups. I can't find on the internet a clear sentence which would agree with my case, therefore I wish you could give me advice. Also, I am wondering if there is some kind of insurance/auditors, what would assure/ensure I am safe to make the site live - at the moment it is almost ready - I am just afraid that there may be some small aspect/point what somebody could pick on. I am just at startup position and wouldn't be able to afford an independent DPO. Please advise.
Multi controllers
We have business relationships in which we are neither processor nor joint-controller in relationship to the other business. We are data controllers in common, as the term seems to be. I don’t see an agreement for multi-controller relationships of that nature in the Advisera GDPR documents, however. Is there a modification of an existing document that makes it suitable for a multi-controller relationship? Or do you have a different document for that to provide us?
Parent's right
Our school brings in an external psychologist to assess some students. She/he gets access to information such as child's name, parents' phone number, class and medical information. What should we do to be GDPR compliant?
Data Subject access request procedure
I refer to the 04.5 Data Subject Access Request Procedure template and the 04.6 Data Subject Access Request Form. There is a requirement for the address proof document. I understand that it is most secure to deliver the hard copy of data by post. However, the request could be asking for an electronic copy in Word or PDF, which obviously makes sense only to be sent via an email. The question is whether email is a secure channel and how we can prove the email belongs to the data subject. Could you please share the workable and secure channel for delivering data to the requester?
Video & phone requests
Could you please explain how the company has to act in case the client requests a video or phone recording with them? Should the company provide the client with it without delay or maybe there should be a legal reason for that, like a subpoena or official appeal?