Is there any examination required before someone becomes GDPR Consultant?
GDPR - Supervisory Authorities
We are a business operating offices in the UK, Canada, US and Australia but each business is a separate legal entity. As far as GDPR is concerned, we collect PII from EU citizens in the UK and that data is sent to our US offices for further processing. That data may also be partially shared with our Australia and Canada offices. In terms of the types of Supervisory Authorities how do we determine where we need to have a Supervisory Authority, a Lead Supervisory Authority, and a Local Supervisory Authority? Do we need to just determine an SA only for the UK or since we’re transferring data to a 3rd country, do we also need to determine a Lead SA/Local SA?
Data importer and Data exporter
What is the definition and role in GDPR for data importer and data exporter?
SaaS providers and EU GDPR
We use SaaS vendors quite a lot in our company. How can we fulfill the requirement of having signed Supplier Data Processing Agreements with large SaaS vendors, for example an IBM, Microsoft, Cisco, etc., who are unlikely to sign something like that? Then, at the other end of the size spectrum, how about small vendors who we pay something like $50/mo. who have probably never dealt with GDPR? For example, a small SaaS vendor that hosts calendaring and appointment schedule for our clients.
Processing of publicly available personal data
How does the GDPR apply to software that is crawling the web and gathering publicly available email addresses (in order to help others quickly find business emails connected to a domain)? This is public data (not collected from individuals, but found on websites and also found on Whois). But the what that bothers me is that the data has to be cached/stored so that the software can work and that could be problem. I would really appreciate if you could point me in the good direction of my research. So far I found nothing very relevant (except that for example Whois is still in debate with GDPR representatives).
Applicability of EU GDPR
I work for an American organisation who owns companies all over the world including UK and Europe.
EU GDPR requirements for data controller and data processor
Have you come across EU requirements that Controller and Processor have to be assessed/Certified to hold these positions?
As we prepare for GDPR compliance, being a business that has operations in and transfers EU data subject data to the UK, US, Canada and Australia, would it be a good idea to follow the EU-US Privacy framework or should we consider something else since there’s uncertainty about its ratification?
Data mapping for GDPR
I'm security manager for a university. I would like some advice on how best to approach data mapping for GDPR. We have compiled an information asset register, but this doesn't take account of all our data footprint, so I'm thinking we need to run a discovery tool to verify the results, but they are quite costly. What are your thoughts?
GDPR compliance for accountancy business
I run an accountancy business it’s a limited company and I am the only employee and have no intention employing anyone else. I have 150 clients a blend of sole traders and limited companies and want to know what I have to do - in simple terms to ensure I am compliant with the new legislation?