EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • GDPR topics

    I have a couple of questions that I am looking to get some answers to:
    1. Is the GDPR applicable for individuals as well as companies?
    2. If I am an individual booking safari trips for European customers is the GDPR applicable?
    3. Is social security number or similar considered personal data?
    4. Is it legal to require copies of passports to the tourists?
  • Condominium administrator

    I own a home. The administrator yesterday informed us that for the adaptation to the GDPR every administrator and every tenant and / or owner must attend a course for EVERY condominium administered. (repetita iuvant?) I believe, but I am not very expert in this area, that the certification for the administrator is a binding condition for the performance of the professional activity. Among other things, the administrator tells us that the cost is borne by the tenants/owners. Can you please give me some explanations?

  • Questions regarding GDPR

    I represent a hair implant clinic and I have some questions regarding GDPR.
    1. Is the GDPR applicable to the clinic if we have EU customers?
    2. We ask for some information form possible patients details about their health conditions and allergies. Is there any specific conditions to comply with?
    3. Do we need a DPO?
    4. Do we need to ask for consent before asking the health data?
    5. We have a contract with a hotel where we keep the patients after the procedure. We send them the names of the patients to the hotel. Do we need to do something?
    6. How much would it take to be compliant with GDPR?
    Thank you in advance
  • Applicability of EU GDPR

    Can u explain a bit more on profilin?

    GDPR application part says gdpr is applicable to all companies in the world that process personal data of EU residents. Some parts it is used EU citizens.. I mean EU residents not necessarily be the EU citizens. How it is going to make the difference

  • Standard Contractual Clauses

    Hi. There are currently two Standard Contractual Clauses - 'Controller to Controller' and 'Controller to Processor'. They are both built for the Controller to be the exporter of the data. We are an EU based company who will be receiving data from a Non EU based company. The Non EU based company is the controller of the data and we are the processor.

    My understanding is that the Controller sending the data does not need to take action when sending us the data as their government deems the EU laws 'adequate'. However, we carry out work on the data and then need to return the data file to the Controller (outside the EU). What actions does there need to be in place for this, if any? I do not see a Standard Contractual Clause that would cover this currently i.e a Processor exporting data back to a Non EU Controller.

    Your advice would be appreciated



  • GDPR Implementation Duration

    I would like to inquire about GDPR Implementation Duration, how long this process takes?
    I'm going to implement this standard for a translation agency - medium size business.

  • Consent for taking pictures and videos

    We made pictures and videos for an event for our marketing but did not have the necessary forms filled out by the participants and we did not hang up the information boards as we go further now.

  • Privacy questions

    1. Are there any available GDPR certifications?
    2. How do I start with mapping my processing activities?
    3. Is there any video surveillance policy available in the toolkits?
    4. I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?
    5. How can I best present a privacy notice? Do clients need to sign the notice?

  • EU GDPR compliance on websites

    I need to comply to GDPR rules and I need to know what to put on my website to comply with GDPR?
  • GDPR Compliance

    1. We have an internal collaboration application in our Organization (that each employee has his/her own Profile, Posts …etc.) that is connected to Active Directory that access some employees personal data. This application is accessing all our internal systems such as Travel System, Suppliers System, Compensation & Benefits, HR systems ..etc.
    Based on this case, do you believe that we need to ask our employees to sign a consent for processing their personal data, taking into consideration that the employment contract includes a section for Confidentiality of Information that doesn’t include any sentence related to personal data processing only copyrights and confidentiality of project/company-related information disclosure.

    2. Our Internal Systems (HR, are using cookies, Do we need to create/add a pop-up message with a link to our Cookies Policy in the pop-up box message?

    3.  As mentioned above, we have Confidentiality of Information section stated in the employment contract, Is this section sufficient or do we need to ask our Employees to Sign NDA (non-disclosure agreement) that include a special section for GDPR Compliance requirements specifically.

Page 6 of 66 pages