EU GDPR - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • GDPR - Collection of marketing consent from consumers

    I am working on a web portal where customers can manage how we contact them. It has been suggested that we could remove the postal option in order to save money, however I want to check this is permitted and whether it could be seen as exclusionary i.e. that we should offer marketing via all methods including post.
  • GDPR

    I am from *** and my business is located in ***, we are providing Paas And Iaas Services to a bank in Europe, I will be able to see the data directly but hot having the control to transferor copy, i want to know will GDPR have provision for that, so can you provide the information?
  • Question regarding Data Breach Response Team

    I have a question regarding the "Data Breach Response Team". Should the DPO be a part of that team or is it sufficient to be a part of the process itself (by working in close collaboration with the Team) without being part of the Team that investigates the breach? What is Advisera's recommendation on this issue?
  • Document Set

    American company going to do business with European clients to maintain health data on their patients. Will be hosting in AWS cloud. Is your standard set of templates inclusive of all I need? Does data have to be hosted in European cloud site???
  • Addressing Impact Assessment (DPIA) requirement

    Does risk assessment and treatment according to ISO 27001 a Data Protection address Impact Assessment (DPIA) requirement? what is the difference between these two?
  • Right to Erasure

    Hi, I work for a cloud hosting provider, and I have a question related to the right of erasure. Our users rent server space from us, and upload their own data to the servers to complete tasks. We do not directly collect this data from them, but we do take necessary measures to backup their data and to ensure they are protected against data loss while they are paying for the services. So we have two data stores: the customer's server account, and the backup of the customer's server account. Under the GDPR, are we obligated to erase this data if a customer requests it? We did not explicitly request this data from the customer, and we do not process it in any way, other than preserving the data on the server and backups.
  • DPO questions

    1.Can DPO have another role in the company except this one? 2.Can a DPO be an external consultant/contactor
  • Available state statistics

    Can State institutions make available statistics on small numbers of persons by nationality, if it is a small state and there is a risk of being identified?
  • Criteria to distinguish between deleting and not deleting data

    We are a processor of personal data, some of this data are anonymized and some are not - if the controller forwards us a request to delete data of a particular data subject, do we also need to delete the anonymized data? What is the criteria to distinguish clearly between the data we need to delete and the data we do not need to delete?
Page 7 of 97 pages