EU GDPR - Expert Advice Community

  • DPO

    Who is responsible for adding contracts with personal data clauses agreements with the processors, legal department or DPO?
  • Vital interests and public interest

    I'm currently planning an AI-based start-up in the healthcare space that is supposed to develop innovative diagnostic tools for better treatments. I'm struggling to grasp whether my clinical partner (that is supposed to contribute the patient data) and the start-up are GDPR compliant and can process the data needed for the product. I'd argue on article 6 (1) d) and/or e) + article 9 (2) c) and/or h) since the start-up in its core aims at the production of a medical product that is supposed to improve medical treatment in its branch. However, I'm quite unsure about that and I'd be very happy if you could give me your expert opinion on that issue.
  • MDM

    We are working to be compliant with ISO 27001 in information security, and after a risk assessment we agreed that there is a risk of not having MDM on employee mobile phones when they have access to sensitive information on both email and other applications.
  • Data breaches

    Under the pre-GDPR legislation in relation to a financial institution, data of a financial nature was defined as any name, account number, credit card number, that could be used to identify an individual, and any unauthorized disclosure was deemed to be a reportable breach. That same definition is omitted from 2018 GDPR legislation. Is such a breach no longer deemed to be reportable? Many thanks for your time and expertise.
  • Register of Data Subject Access Requests

    Please let me know for how long we should keep the Register of Data Subject Access Requests.
  • Consent

    Is consent the only lawful basis we can use regarding mailing lists? Do they have to have the option to opt in to receive emails?
  • Laws and regulations

    In the documents, I see repeated reference to the below. Please provide us with this information for the Netherlands in English. Many thanks!
  • Most important documentation

    What is the most important documentation that a school should have in compliance with GDPR?
  • School mailing list

    Is it necessary to have an opt out option for parents from the mailing lists we have as a school?
  • Keeping data in hard copy

    At the moment we store all our data in hard copy, then all this hard copy documentation is scanned to make an electronic backup. The question is do people have to store hard copy paper documents to comply with GDPR or can we have to electronic storage facilities and destroy the original hard copy?