EU GDPR - Expert Advice Community

  • Use of SCCs and TOMs

    I have an EU customer requesting we add SCCs to our DPA. We are a company located in the US but have an EU instance on which all EU data is stored. None of the data in the application (email and IP address) is transferred across borders. EU data is stored on the GCP in ***. The customer is asking that we add SCCs as an appendix to our DPA (which is OK if it makes them feel better). However, they are asking us to also include TOMs, all of which are described in detail in our SOC2 report, and we are ISO 27701 certified. Are the TOMs mandatory, since technically the SCCs are not, as no data is transferred and we are just adding the SCCs to make this customer happy?
  • Data controllers

    My question is very specific about how to determine who is a 'data controller'. I have a project where some entities only receive questionnaires (containing personal data) from people who participate and then send them to other entities for evaluation. At first I had considered them 'data controllers', but since they only receive the questionnaires, without being able to see their content, nor do they dictate the reason for their processing or how it is done, I am not sure if I should consider them as such.
  • EU GDPR Status

    I purchased the Exam for GDPR DOP almost 7 months ago. I wish to restart the training and write the exam this month. Please advise as to whether the training is aligned with ALL of the developments in EU GDPR over the past 7 months. Can I restart the course from Module 1 with assurance that it is current and relevant?
  • EU - Representative

    Do you all have a group that would serve as a European Representative for a US company doing business in Europe as a GDPR Data Processor? Also, with the news on Friday that the US and EU have agreed to allowing data to be stored on US soil, does that mean that European patient data can be hosted on AWS platforms in USA, not needing an AWS platform in EU?
  • GDPR E-mail Question

    Hello, I have a quick question. For a website that doesn't store any cookies, if I place the e-mail address on the website as me@site.com but the e-mails sent there aren't stored on a server, but forwarded to a Gmail address, what are the requirements to be GDPR compliant (if any)? Do I need to mention that the e-mails are forwarded to Gmail? I will only receive e-mails on the address on the website, I won't do any e-mail marketing. Thanks!
  • Privacy policy on my homepage

    I have a quick question about a privacy policy on my homepage. I am not quite sure at the moment if my site uses Google Fonts. Can I still include this point in my privacy policy as a precaution, or can I explicitly list only the things that are used with 100% certainty?
  • UK - GDPR

    So my access to my company's Facebook page was just revoked for fear that having someone outside the UK as a page admin might make them non-compliant with UK GDPR. I need to know if this is true.
  • Data transfers to 3rd countries

    Hi! I would like to get advice on how to approach data security obligations within an internationally based organisation which is headquartered in the UK. The company would be collecting data from a 3rd country and part of that data would be stored and processed in Serbia (by the company officers, within the organisation's premises, not 3rd parties). Would the organisation in this case be transferring personal data outside the EEA? Storing and transferring would be done by the Dropbox cloud services. Thank you!
  • Standard Contractual Clauses template

    How can I acquire the UK Employee Clauses (Standard Contractual Clauses) template? I purchased the GDPR & ISO combination Toolkit from Advisera a few years ago; is this template available as an add-on to the Toolkit or as a separate purchase from Advisera? I serve as a DPO (Data Protection Officer) as our HR department wants to add this to the employee handbook for our UK employees.
  • GDPR - Collection of marketing consent from consumers

    I am working on a web portal where customers can manage how we contact them. It has been suggested that we could remove the postal option in order to save money, however I want to check this is permitted and whether it could be seen as exclusionary i.e. that we should offer marketing via all methods including post.