SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Sub processor data processing agreements
Your data processor to sub-processor agreement refers to a “principal agreement” so I’m not sure what your advice would be in these scenarios? Is there a simpler way of ensuring we are compliant without having a formal contract and processing agreement in place? Bear in mind that many of these providers are self-employed or running small businesses (eg local cleaners, gardeners, maintenance contractors, inventory clerks etc) or providers we will never use again (eg local hotels, holiday lets, letting agents etc). -
Consent for marketing email
We are in the hospitality sector and maintain a database of past/present customers to whom we have been sending email newsletters on a periodical basis. The newsletters included a link to unsubscribe. We have not sent any newsletter since 25 May 2018. -
Citizen or residents?
It is a huge difference in being a EU citizen or resident. Can you please clarify what should be the correct term? -
GDPR tips
Hello, I'm in my small business (about 30 employees) proportionate information security officer and proportionately engaged in project management outside of this issue. Due to staff shortages and time pressure in the project with me in recent months, the employment with the GDPR hardly came about. But now the time has come and I have the task, quasi as Head of GDPR (without being named officially DPO) to fulfill the implementation. Because in our view ISMS and GDPR go hand in hand. I have been given the stipulation to do the GDPR regulations by the end of the year by the end of the year. -
Contracting and GDPR
1. My company is registered in Ukraine, the "third country" from GDPR point of view. The company provides software development services on contractual basis for EU-located companies, not for individuals/ To perform the contracts we need to know contact data such as e-mail, phone, name of the served company employee. the question 1 - should we sign some additional agreements to transfer these data required to perform contracts to "third country"? -
Subscription services
1. If we use free subscription services from third parties (e.g. email / lead generation service) the data shared with them while using the service is usually governed by their privacy policies. Is that acceptable ? -
GDPR and recorded calls
I would kindly ask your help in regards of recorded calls. I am working in a call center as an associate support agent where all the calls are recorded. We are located in Europe, Czech Republic. -
When is EU GDPR applicable?
1. EU person go to business trip in Thailand and in Thailand if we have processing his personal data it cover in GDPR law or not ? -
“Refer a Friend” program
What is the guidance regarding “Refer a Friend” programs under the GDPR? Do we need to get consent from referee (ie. the friend) prior to contacting them or sending them marketing correspondence? If that’s the case, how would we be able to get consent if we’re not able to contact them in the first place? -
DPO ROLE
I would like to know in practical if there’s a breach, what should a DPO do?