Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Question about privacy notification
I want your help if you can help I will be a pleasure This is a detailed question and it is not possible for me to find the answer by browsing the websites on the internet or I am not sure for to aplly them. I'm doing an internship right now. My question is: There are two companies A Company and B company A company uses B company's product/ service. B company has two websites: X website is a normal website - ever people can reach out it and a different interface is Y that is only for its users who log in with this page to use the service. For to log in and use the service , the two companies have to make a contract. Now, B company has privacy policy on X website but does this privacy policy covers to Y interface ? or does the company has to put also on Y website privacy notification to login form? The functions of the visitor visiting a web page and the user are different. GDPR says inform everyone and get their consent, while it is possible to do this for visitors, what will be the method for users? Company A determines the people who will use the service of company B and it gives authorization. In this case, is company B obliged to separately inform the users authorized by company A? If yes,at where will it inform? Is it in the customer contract? Or will the privacy policy on the website suffice? I'm asking this because my manager is asking that there should be a notification on the page where user use their service log in? The source of this problem is: Even though companies have privacy policies on their websites, there is still a note on the collection and storage of information in the demo request form section. So, an information note is being considered again, is it necessary to apply this logic for the user as well? Sorry for taking so long to explain the question. I would be glad if you help. -
DPO and GDPR flowchart
1. Do you have a flowchart diagram for GDPR implementation similar to the one attached to this email (for ISO 27K1) ? 2. I am working for a firm which does not perform a lot of personal data processing and hence, does not need a DPO. In the toolkit what or who should I replace DPO with? as the DPO role is used all across the toolkit. -
Use of SCCs and TOMs
I have an EU customer requesting we add SCCs to our DPA. We are a company located in the US but have an EU instance on which all EU data is stored. None of the data in the application (email and IP address) is transferred across borders. EU data is stored on the GCP in ***. The customers is asking that we add SCCs as an appendix to our DPA (which is OK if it makes them feel better). However, they are asking us to also include a TOMs all of which is described in details in our SOC2 report and we are ISO 27701 certified. Is the TOM's mandatory since technically the SCCs are not since no data is transferred and we are just adding them SCCs to make this customer happy? -
Data controllers
My question is very specific about how to determine who is a 'data controller'. I have a project where some entities only receive questionnaires (containing personal data) from people who participate and then send them to other entities for evaluation. At first I had considered them 'data controllers', but since they only receive the questionnaires, without being able to see their content, nor do they dictate the reason for their processing or how it is done, I am not sure if I should consider them as such. -
EU GDPR Status
I purchased the Exam for GDPR DOP almost 7 months ago. I wish to restart the Training and write the exam this month. Please advise as to whether the Training is aligned with ALL of the Developments in EUGDPR over the Past 7 months. Can I restart the course from Module 1 with Assurance that it is current and Relevant? -
EU - Representative
Do you all have a group that would serve as a European Representative for a US company doing business in Europe as a GDPR Data Processor? Also, with the news on Friday that the US and EU have agreed to allowing data to be stored on US soil, does that mean that European patient data can be hosted on AWS platforms in USA, not needing an AWS platform in EU? -
GDPR E-mail Question
Hello, I have a quick question. For a website that doesn't store any cookies, if I place the e-mail address on the website as me@site.com but the e-mails send there aren't stored on a server, but forwarded to a gmail address, what are the requirements to be GDPR compliant (if any). Do I need to mention that the e-mails are forwarded to gmail? I will only receive emails on the address on the website, i won't do any e-mail marketing. Thanks! -
Privacy policy on my homepage
I have a quick question about a privacy policy on my homepage. I am not quite sure at the moment if my site uses Google Fonts. Can I still include this point in my privacy policy as a precaution, or can I explicitly list only the things that are used with 100% certainty? -
UK -GDPR
So my access to my company's facebook page was just revoked on fear that having someone outside the Uk as a page admin might make them non compliant to UK GDPR. I need to know if this is true -
Data transfers to 3rd countries
Hi! I would like to acquire an advice on how to approach data security obligations within an internationally based organisation which is headquartered in the UK. The company would be collecting data from a 3rd country and part of that data would be stored and processed in Serbia (by the company officers, within the organisations' premises, not 3rd parties). Would the organisation in this case be transferring personal data outside EEA? Storing and transferring would be done by the drop box cloud services. Thank you!