EU GDPR - Expert Advice Community

  • Data privacy policy and Data protection policy

    What is the difference between data privacy policy and data protection policy, does a company need both?
  • Need for DPO

    I understood that not all companies require a DPO, except for Public Authority and companies engaged in large scale processing of Personal Data. What would be considered as Large?
  • Processor/Controller

    1. Is a processor not always a supplier too, and vice versa, is a supplier not always a processor too? If so, when do we apply the processor agreement and when the supplier agreement?
  • GDPR component for cookie consent

    We are currently struggling with understanding the GDPR component for cookie consent. We are using cookiebot.com for the notification pop up, and there are two methods for consent - active and explicit. Explicit consent is definitely compliant, whereas active consent is a bit vague in the GDPR requirements. We are trying to understand whether active consent we can implement "when website visitors ignore the dialog, they consent to the cookies by the continued use of the website" would be compliant with the GDPR? Our pop up would state "By ignoring this consent box, you agree to the cookie collection" and would have two clear buttons - opt out from cookies and opt in.
  • GDPR for Non-governmental organization

    1. I represent an NGO based in Brussels, whose members are based outside the EEA. Does GDPR apply to our communication with them? Concretely, do we need to send them privacy notices explaining why we process their data and under which legal basis?
  • Data transfer

    Some questions that we do not get answered correctly with the help of this toolkit are the following:
  • GDPR Application in Case of EU Nationals Living Outside UAE

    We are an organization based in the United Arab Emirates. To assess the applicability of GDPR, we have conducted a survey with our business unit and found out that we are offering services/products to EU nationals, but they are not residing in the EU; they are residing in the UAE. In this case, would the GDPR be applicable?
  • Transferring personal data

    1. We also need to use cross border agreement when using a third party supplier not established in the EU/EEA and which is not under the adequacy decision. Would it be ok to change the text in the following way: processing of personal data is carried out by subsidiaries or third party suppliers of the Company which are based in other Member States;
  • Assessing data breaches

    Under GDPR I believe we are obligated to notify customers of a data breach when that breach “is likely to result in high risk to the rights and freedoms of the data subject”.
  • Retention period and Data processor agreement

    1. Retention period – we are looking into the data retention period and would like to know if it is a must to define maximum retention period. We mainly process the job application data. Will it be a violation if we get consent from candidates that “we will keep the data for as long as the candidate wants us to source for employment opportunities”?