EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Cross-border Transfer of Personal Data

    I have bought some of your GDPR templates and I am working through them now. I would like to know a bit more about cross-border transfer of personal data. We have good safeguards in place, but I need to know how this process should ideally be organized. Should we notify a DPA and get approval for the transfer? Is this always required and if so is there a preferred DPA or way to choose a DPA. Agreements that we sign with EU companies generally refer to England and Wales as governing law and this tends to be the preferred location for arbitration.

  • Destruction of printed confidential data

    Hi, I'm trying to validate internal guidance I have been provided that says that in order to comply with ISO27001 we cannot use our own shredders to dispose of our own media but MUST use an outside company to do this? We currently have our own locked shredders and have appointed personnel to dispose of the shredded media via re-cycling.

  • GDPR and Data Subject Request flow

    I want to know GDPR and Data Subject Request flow
    how to process and flow and who approved for right to be forgotten, etc..?

  • How to become GDPR compliant?

    How to become GDPR compliant, where can I store emails of customers/Clients? I would like to start an email database for my small business in order to have online bookings. How can I be sure I am compliant? Booking forms via Wordpress plug-in calendar, newsletter creation, and delivery. How do I create a GDPR pop up for the terms and conditions thereof?

  • GDPR compliance

    Hi - I do architectural plans for clients and I want to put all my projects online for future clients to browse. If I give no information on the clients, will this be GDPR compliant? If I give the address of the project, and all keep clients anonymous by name, well this be GDPR compliant?

  • The travel agencies services for the employees of other company

    Our company organized the public procurement process to provide business trip services (an insurance policy, the hotel reservation, the purchase of flight tickets and so on) for our employees. Our company transfers by email the data of employees to a winner – a travel agency and transfers the travel documents, prepared by the travel agency, to employees back. Who is a data controller and a data processor in that case?

  • Data controller or data processor

    Our company has signed an agreement with IT company for IT support services - to upgrade configuration of our internal ingformation management system and to provide IT support in the case of trouble. It is necessary for The IT company to get remote access to the system, including access to the personal data of employees. The IT company doesn't make any copies or any other actions with personal data. Is the IT company a data processor and do we have to sign an agreement between data controller and data processor according to the GDPR 28 article? Or, maybe it could be another kind of relationships concerning data protection between our company and IT company?

  • Retaining personal information

    I was trying to find the key stakeholders under GDPR.
    GDPR doesn't set a timeline on how long you must retain personal information of an employee, but what if we want to hold some of their information for auditing purposes, will this be allowed?

  • Privacy Policy for internal Employees and Privacy notice on Website

    I am confused between the content of the Privacy Policy for internal Employees and The content of the Privacy notice on Website.

  • Consent of Conference/Online and In-Person Attendees/GDPR

    I am working on some terms and conditions for attendance to our online education programs and also in person educational conferences. Some of our members/attendees are protected by GDPR as far as their data/live in the UK. We ask all attendees to accept the terms of registration for the conference to register and attend. If they don't accept - they can't register (it's a contract). As a part of the terms, we require that attendees consent to granting our organization a worldwide, unlimited, perpetual license to use photos/videos and comments from them with regard to the event they attend. We later use these materials in our marketing and education programs.

    Does what we are asking conflict with GDPR protections? The reason I ask is because from what I am reading under GDPR, an agency cannot require this kind of consent from a data subject as a term of a contract that, if the data subject does not consent, it's to the subject's detriment.

    In the case of my example, the conference attendees/data subjects must attend in order to gain the clinical certifications they are seeking.

    Maybe GDPR doesn't govern this type of thing??? But I want to be extra careful and also - we don't want to violate anyone's rights.

    Thank you so much!

Page 7 of 75 pages