Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Is EU GDPR applicable to Middle East companies
Hi, I am from Bahrain (Middle East). Our organization which is in automobile service sector handles sales and rentals of vehicles with Europe citizens occasionally. Now my question is: "Do we need to be GDPR compliant?” -
Data transfer policies to non-EU country
I need some help with my GDPR documentation. The kit has policies for data transfer to non-eu country. I need the policy from the data processor as I am data processor and not a data controller. -
Addressing roles
While filling out these documents I notice it asks for job titles of the people that would perform certain duties. In some cases, is it acceptable at all to generalize this role by saying “A member of the IT Department” or is it best to only have one person with the ability to fulfill these roles? -
Non-EU based controller
If the controller is non-EU based, but the processing is partially in the EU performed by EU processors, would you have any advise what should all be paid attention to. My ideas were: -
Mexican personal data law
I have a question, I am in Mexico we are in a university and we receive students and teachers from Europe we comply with the Mexican personal data law, however, to comply with GDPR we are updating but my question is if we have to generate the general privacy policy because in the Mexican personal data law they only request the general policy of security of the information? -
Email addresses and data breaches
Yesterday a member of my team sent out an email to all active employees, the content of the email was not sensitive but the email addresses were included in an outlook group that was added to the TO: field in the message resulting in everyone receiving the message also seeing everyone else’s private email address. Email addresses were the only data item concerned. -
Data Processing Agreement
Company A has an obligation under law such and such to collect personal data from individuals for KYC purposes. Can company A outsource to company B to do the KYC and what parameters have to be looked in according to EU GDPR? -
DPO
Who is responsible for adding contracts with personal data clauses agreements with the processors, legal department or DPO? -
Vital interests and public interest
I'm currently planing an AI based Start-Up in the healthcare space that is supposed to develop innovative diagnostic tools for better treatments. I'm struggling to grasp, if my clinical Partner (that is supposed to contribute the patient data) and the Start-up are GDPR compliant and can process the data needed for the product. I'd argue on article 6 (1) d) and/or e) + article 9 (2) c) and/or h) since the start-up in its core aims at the production of a medical product that is supposed to improve medical treatment in its branch. However, I'm quite unsure about that and I'd be very happy if you could give me your expert opinion on that issue. -
MDM
We are working to be compliant with ISO 27001 in information security, and after a risk assessment we agreed that there is a risk of not having MDM on employee mobile phones when they have access to sensitive information on both email and other application.