EU GDPR - Expert Advice Community

  • Data breaches

    Under the pre-GDPR legislation in relation to a financial institution, data of a financial nature was defined as any name, account number, credit card number, that could be used to identify an individual, and any unauthorized disclosure was deemed to be a reportable breach. That same definition is omitted from 2018 GDPR legislation. Is such a breach no longer deemed to be reportable? Many thanks for your time and expertise.
  • Register of Data Subject Access Requests

    Please let me know for how long we should keep the Register of Data Subject Access Requests.
  • Consent

    Is consent the only lawful basis we can use regarding mailing lists? Do they have to have the option to opt in to receive emails?
  • Laws and regulations

    In the documents, I see repeated reference to the below. Please provide us with this information for the Netherlands in English. Many thanks!
  • Most important documentation

    What is the most important documentation that a school should have in compliance with GDPR?
  • School mailing list

    Is it necessary to have an opt out option for parents from the mailing lists we have as a school?
  • Keeping data in hard copy

    At the moment we store all our data in hard copy, then all this hard copy documentation is scanned to make an electronic backup. The question is do people have to store hard copy paper documents to comply with GDPR or can we have to electronic storage facilities and destroy the original hard copy?
  • GDPR processor compliance

    My question is as a data processor, what specific steps do we need to take in order to be GDPR compliant? Is it as simple as a privacy policy that addresses what we store, how long, and how to have us remove the data?
  • Sending marketing emails

    Can we consider the sending of digital newsletters for marketing purposes as legitimate interests of hoteliers?
  • Cross Border Data Transfers

    While we don't deal with companies outside the UK in the general sense, we do have employee personal data stored in places such as online accounting systems (Xero), online HR system (PeopleHR) etc. Having checked the Privacy Policies on their websites I can see that our data may be processed in the likes of New Zealand and the US. Does this qualify under the Cross Border Data Transfers and if so how do we proceed in terms of agreements? Do we need to get them to sign a data transfer agreement?