Is there a version of the GDPR document package, or additional documents that are intended for data processors? I purchased the original EU_GDPR_Documentation_Toolkit, but I really only see documents for data controllers.
We have already resolved the question about customers in a B2B environment, but why doesn't the "customers' employees" category appear in the scope? What is the difference between "customers" and "suppliers" from the point of view of their employees?
1. How to conduct PIA or DPIA?
EU GDPR document
In document 6.2 the title reads "Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)" - "the community" would appear to need to be changed to "Company". Please can you confirm.
EU GDPR questions
1. My question is what documentation do we require and what are our responsibilities for both managed and unmanaged services.
What would be the appropriate method of verifying the ID of the person who submits a DSAR, more specifically, if the request isn’t done in person (i.e. by phone or e-mail)?
Instead of using an external 'independent' audit team from a third party, can we set up an internal audit team that is separate from those who currently manage our security, IT and GDPR processes to audit how well our company is implementing and adhering to our GDPR policies?
In section 7 of the DSAR Procedure document I have some questions.
Controller/Processor and DPO
Our company provides a School Information/Management System to schools worldwide. The schools determine what data they want to collect about the families/students and how they will use it in regards to the operation of the school. We develop, maintain and operate the database where all of this information is stored and accessed by numerous entities in the school and including parents. Employees from our company also access the school site to help in training, importing data into our system, and of course customer support.
Steps to become GDPR compliant
I work for a Company that develops telemedicine software. Our software is HIPAA compliant. Recently, we received one client request to be GDPR compliant. Could you please guide me on how much approximately it would take to become GDPR compliant, both in terms of cost and time?