I am from *** and my business is located in ***, we are providing Paas And Iaas Services to a bank in Europe, I will be able to see the data directly but hot having the control to transferor copy, i want to know will GDPR have provision for that, so can you provide the information?
Question regarding Data Breach Response Team
I have a question regarding the "Data Breach Response Team".
Should the DPO be a part of that team or is it sufficient to be a part of the process itself (by working in close collaboration with the Team) without being part of the Team that investigates the breach?
What is Advisera's recommendation on this issue?
American company going to do business with European clients to maintain health data on their patients. Will be hosting in AWS cloud. Is your standard set of templates inclusive of all I need? Does data have to be hosted in European cloud site???
Addressing Impact Assessment (DPIA) requirement
Does risk assessment and treatment according to ISO 27001 a Data Protection address Impact Assessment (DPIA) requirement? what is the difference between these two?
Right to Erasure
Hi, I work for a cloud hosting provider, and I have a question related to the right of erasure. Our users rent server space from us, and upload their own data to the servers to complete tasks. We do not directly collect this data from them, but we do take necessary measures to backup their data and to ensure they are protected against data loss while they are paying for the services. So we have two data stores: the customer's server account, and the backup of the customer's server account. Under the GDPR, are we obligated to erase this data if a customer requests it? We did not explicitly request this data from the customer, and we do not process it in any way, other than preserving the data on the server and backups.
1.Can DPO have another role in the company except this one?
2.Can a DPO be an external consultant/contactor
Available state statistics
Can State institutions make available statistics on small numbers of persons by nationality, if it is a small state and there is a risk of being identified?
Criteria to distinguish between deleting and not deleting data
We are a processor of personal data, some of this data are anonymized and some are not - if the controller forwards us a request to delete data of a particular data subject, do we also need to delete the anonymized data? What is the criteria to distinguish clearly between the data we need to delete and the data we do not need to delete?
Consulting clients who must be GDPR compliant.
We are a media advertising company located in U.S. Our clients are pharmaceutical companies marketing in both US and EU. We do not control or process EU citizen data, but our clients do. Therefore, they need to be GDPR compliant. What steps can WE take to best consult/advise our clients on GDPR issues? Appointing a Data "privacy" officer or GDPR manager seems like overkill.