EU GDPR - Expert Advice Community




  • E-privacy laws compliance

    Hi, I'm trying to understand what my company needs to do to ensure we are compliant with e-privacy laws. Can you help? My company currently stores some personal data of clients and we use this data to send out communications like newsletters etc. I need to know what we should be doing to ensure we're compliant with the e-privacy laws in the EU?

  • EU GDPR Readiness Assessment - Supervisory Authority

    1. In Q23 of the EU GDPR Readiness Assessment:
    23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?
    Who would the "Supervisory Authority" be? If in the US, who? If in the EU, who?

    2. Basically, who is to be notified within 72 hours of a confirmed data breach? 

  • GDPR privacy policy - and Facebook

    Hi - I have a small "consulting" group, and I occasionally post various things I've done over the years that have done me well, and maybe some that didn't work out so well. I use referral links and network affiliate links and tell everyone that I will get compensation for them - but if they follow the directions on the site they can do the same, etc. etc. Do I need a GDPR policy somewhere, or do I just have to comply? It's a Facebook business page. I don't collect money or anything. I don't sell products.

  • Email Addresses, Public Domain and US, India and EU Data Protection

    We are considering an email list campaign, where we offer authors a list of active niche book bloggers and their email addresses. This information is highly sought after and might be considerably successful. That being said, the GDPR aspect is a potential roadblock. Most of these email addresses were listed on their website, which leads me to believe it would be public domain and free to hand out. However, they are from different countries, primarily the US, the EU and India. Therefore, I am curious if this campaign would be a smart idea, legally speaking from a data standpoint.

    I would be very eager to hear your thoughts on this.

  • Is customer consent needed?

    Hello, could you please advise if I need to ask for customer consent when using an application for delivering their projects like Jira or Microsoft office for example? Thank you in advance!

  • EU GDPR form and permission

    I have to do a research project for my diploma and I am wondering what form do I need? The information will be kept locked away but I need to have permission to use the information to present my findings in a classroom but also in case a moderator wishes to see the work.
    There are two individuals I wish to interview, the diploma I am doing is therapeutic counseling.

  • Data Protection Officer as a legal counsel

    In your Data Protection Officer Job Description it is quoted: "In order to prevent any case of conflict of interests, a Data Protection Officer should not hold a position within a company that leads him to determine the purposes and means of processing of personal data." My question is, can a Data Protection Officer be a legal counsel within a company?

  • Audit of completed erasure

    I have a GDPR question that’s not related to DPIAs and has been bugging me since I went through our GDPR documentation (from your kit – thank you 😊). 

    We make software that is sold as a product but also offered SaaS. My question is related to the Right to Erasure. The product has a directory database in it which holds, at minimum, business contact details. 
    By design, there is no reason for the directory to hold anything more, although we do allow custom fields to be labeled and populated with anything. We have a Privacy module that allows a nominated set of DP users (either the customer or our managed services team) to run a “forget” process. This anonymizes all data held in the SQL warehouse and directory relating to the forgotten person.

    The questions I have are:

    1. Do we need to have an audit of a completed erasure?
    2. If we have one and use the forgotten person’s name with no way to reverse engineer the process, is that compliant? 

    My dev team wants to have an audit trail to demonstrate that the process has been performed, and that is my preference as well, but without the name, it is pretty pointless.

  • Preparing an e-mail policy

    The case: I would need to prepare an “e-mail policy” that should include aspects of e-mail use, sending e-mails containing personal data, maybe e-mail encryption, etc.
    I guess that these aspects should be mentioned somewhere in the integrated toolkit, but I could not find them easily.
    Could you be so kind and point me to the folder or document in the toolkit?

  • Double Option

    1. Is double option mandatory in Europe, and if yes, where can I see in which countries it is?

    2. When filling in a form, is it always, and in all countries, obligatory to add the checkbox for marketing activities?
