Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
GDPR and voice recording message
We are a SMP company with about xyz staff. We would like to record all phone conversations via our phone system. I just wanted to know what kind of message we will need to have when people call us so that we are able to record calls following the GDPR guidelines? -
GDPR advice for a Surf Camp
We're a surf camp based in xyz, and due to our company being a registered EU company and the majority of our clients coming from the EU, we are effected by the GDPR laws. Before the law was enforced, we sent an email out to ask our current xyz person mailing list (majority of which are past guests) to opt-in to our monthly newsletters. Xyz people opted in, which was a huge blow. We believe from some searching we have a loop hole so that means that we can still email our mailing lists. However, we want to be sure before we do something wrong! -
DPO requirement for online company who has 1 employee
Can I myself be a DPO for my own online multivendor marketplace? I am in progress of creating a membership-based online multivendor marketplace for digital products. The purpose of this business module is not to have employees and give the option to earn for others and I would be the only person working and operating the website. I would be keeping the costumes/members data to a minimum, however, IP address and customer purchases are still necessary to keep for business analytics and accountancy purposes. My website is able to offer costumers to remove/rectify their data by themselves independently as well as to contact the DPO (which would be me). I see me the most suitable person to do the task as I am the one who created the site, will be doing the future development of the site, a provider of security applications/doing the weekly scanning and backups. I can't find on the internet clear sentence which would agree with mycase, therefore I wish you could give me an advice. Also, I am wondering if there is some kind of insurance/auditor s, what would assure/ensure I am safe to make the site Live - to the moment it is almost ready- I am just afraid that there may be some small aspect/point what somebody could pick on. I am just at startup position and wouldn't be able to afford an independent DPO. please advise. -
Multi controllers
We have business relationships in which we are neither processor nor joint-controller in relationship to the other business. We are data controllers in common, as the term seems to be. I don’t see an agreement for multi-controller relationships of that nature in the Advisera GDPR documents, however. Is there a modification of an existing document that makes it suitable for a multi-controller relationship? Or do you have a different document for that to provide us? -
Parent's right
Our school brings in an external psychologist to assess some students. She/he gets access to information such as child's name, parents phone number, class and medical information. what should we do to be gdpr compliant? -
Data Subject access request procedure
I refer to the 04.5Data Subject Access Request Procedure template and the 04.6Data Subject Access Request Form. There is a requirement for the address proof document. I understand that it is most secure deliver the hardcopy of data by post. However, the request could be asking for an electronic copy in word or PDF, which obviously makes sense only to be sent via an email. The question is whether email is a secure channel and how we can prove the email belongs to the data subject. Could you please share the workable and secure channel for delivering data to the requester? -
Video & phone requests
Could you please explain how the company has to act in case the client requests video or phone recording with them. Should the company provide the client with it without delay or maybe there should be a legal reason for that, like subpoena or official appeal? -
Personal Data Transfer Kit points 6.2 and 6.3
The company process company data, and distributes software to Italian retailers. Do you need to complete the forms 6.2 and 6.3? -
Registration to a local Data Protection Authority
"Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union". I would like to know if it is necessary to have a document in place between the Extra European Company and the European one and also if this has to be communicated to someone, or register it somewhere. -
Utilization of 11.A.15.2 and 11.A.15.1 documents
How do we utilize the 11.A.15,2 "Supplier Data Processing Agreement" & 11.A.15.1 "Standard Contractual Clauses for Transfer of Personal Data to Controllers" for our customer (travel services) and their 3rd party Data Transfers with their suppliers (Travel Agents and outsourced fulfillment companies such as food Services…etc) ?