EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Certification Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 22301
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Are we a data processor or controller?

    My company rents out office space and meeting rooms to other organisations. So those organisation are our customers with whom we have a contractual relationship. As part of the office space rental, the staff at the organisations can book meeting rooms. This means that we process the name, contact email and organisation name so that we know who is renting office space, who to bill, and who can book meeting rooms. In this situation, are we a controller or a processor? Should we be signing a data processing addendum?

  • Marketing emails

    1. Can I send a message via email to customer that did not finish placing their order (so they added an item/items to the basket and did not go forward)?

  • DPIA Register template

    1. Can the DPIA Register (05.2) template be used as it is or it needs to be edited to fit our business?

  • Data subject access request procedure

    Opinions given in confidence or protected by copyright law – The Company does not have to disclose personal data held in relation to a data subject that is in the form of an opinion given in confidence or protected by copyright law.

  • Opt-in checkboxes

    Do we need to have separate opt-in checkboxes for e-mail, phone, text or can there be one opt-in checkbox that encompasses all 3 channels?

  • Contracts with sites within EU

    We have a contracts with sites within EU - with individuals and with companies. Do we have to get Data Subject Consent forms from them?

  • Subject access request

    Upon receipt of Subject access request, the procedure says to ask for 2 forms of ID. How soon do we have to ask this? If we leave it for 29 days, then they pass the ID verification, does 30 day period begin again? Also it says data subject to submit DSAR in prescribed form – which is this?

  • VAT number

    We have recently taken over an online store directed to German customers, we are registered for VAT purposes in various countries including Germany. Should we -in details of our company available for our customers so like in the terms and conditions, privacy policy, include our main VAT number (so the GB one) or also or only the DE VAT Number?

  • server

    Is it a must to have our server in Europe? Could we store the data and have the server outside the Europe?

  • Change of Privacy policy

    Do I need to inform all my customers that my privacy policy has changed to comply with GDPR? Or only those that are subscribed to receive marketing information form me via email?
Page 68 of 97 pages