Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • DPO and GDPR flowchart

    1. Do you have a flowchart diagram for GDPR implementation similar to the one attached to this email (for ISO 27K1) ? 2. I am working for a firm which does not perform a lot of personal data processing and hence, does not need a DPO. In the toolkit what or who should I replace DPO with? as the DPO role is used all across the toolkit.

  • Use of SCCs and TOMs

    I have an EU customer requesting we add SCCs to our DPA. We are a company located in the US but have an EU instance on which all EU data is stored. None of the data in the application (email and IP address) is transferred across borders. EU data is stored on the GCP in ***. The customers is asking that we add SCCs as an appendix to our DPA (which is OK if it makes them feel better). However, they are asking us to also include a TOMs all of which is described in details in our SOC2 report and we are ISO 27701 certified. Is the TOM's mandatory since technically the SCCs are not since no data is transferred and we are just adding them SCCs to make this customer happy?

  • Data controllers

    My question is very specific about how to determine who is a 'data controller'. I have a project where some entities only receive questionnaires (containing personal data) from people who participate and then send them to other entities for evaluation. At first I had considered them 'data controllers', but since they only receive the questionnaires, without being able to see their content, nor do they dictate the reason for their processing or how it is done, I am not sure if I should consider them as such.

  • EU GDPR Status

    I purchased the Exam for GDPR DOP almost 7 months ago. I wish to restart the Training and write the exam this month. Please advise as to whether the Training is aligned with ALL of the Developments in EUGDPR over the Past 7 months. Can I restart the course from Module 1 with Assurance that it is current and Relevant?

  • EU - Representative

    Do you all have a group that would serve as a European Representative for a US company doing business in Europe as a GDPR Data Processor? Also, with the news on Friday that the US and EU have agreed to allowing data to be stored on US soil, does that mean that European patient data can be hosted on AWS platforms in USA, not needing an AWS platform in EU?

  • GDPR E-mail Question

    Hello, I have a quick question. For a website that doesn't store any cookies, if I place the e-mail address on the website as me@site.com but the e-mails send there aren't stored on a server, but forwarded to a gmail address, what are the requirements to be GDPR compliant (if any). Do I need to mention that the e-mails are forwarded to gmail? I will only receive emails on the address on the website, i won't do any e-mail marketing. Thanks!

  • Privacy policy on my homepage

    I have a quick question about a privacy policy on my homepage. I am not quite sure at the moment if my site uses Google Fonts. Can I still include this point in my privacy policy as a precaution, or can I explicitly list only the things that are used with 100% certainty?

  • UK -GDPR

    So my access to my company's facebook page was just revoked on fear that having someone outside the Uk as a page admin might make them non compliant to UK GDPR. I need to know if this is true

  • Data transfers to 3rd countries

    Hi! I would like to acquire an advice on how to approach data security obligations within an internationally based organisation which is headquartered in the UK. The company would be collecting data from a 3rd country and part of that data would be stored and processed in Serbia (by the company officers, within the organisations' premises, not 3rd parties). Would the organisation in this case be transferring personal data outside EEA? Storing and transferring would be done by the drop box cloud services. Thank you!

  • Standard Contractual Clauses template

    How can I acquire the UK Employee Clauses (Standard Contractual Clauses) template?   I purchased the GDPR & ISO combination Toolkit from Advisera a few years ago;  is this template available as an add on to the Toolkit or as a  Separate Purchase from Advisera?  I serve as a DPO (Data Protection Officer) as our HR department wants to add this to the employee handbook for our UK employees
Page 6 of 97 pages