SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Payments
Working on a data process audit and if there is any info on how best to record and justify taking payments of different types - card/cash/cheque/PayPal that would be really helpful and what is the legal basis under GDPR for taking credit card payments? -
Data transfer outside of the European Union
1: Which country is considered as a safe place to transfer information to according GDPR? USA, China, India, Russia. -
Transfer of the personal data
We are a company offering training courses. One of our clients is based in the Middle East. One of our trainers goes to the middle east to deliver training to people who reside in countries outside of the EU. Our trainer collects their names in order to produce their training certificates back in the UK. How does transfer of their personal data to the EU relate to GDPR given that they do not reside in the EU, and collection of the data is outside the EU? -
Disposal of Commercial Shredded Paper
We have Sales Representatives all over the country that work from home. We would like to know if they can shred customer sensitive related paperwork at home and put it in the domestic waste? -
Threshold questionnaire
In the toolkit and in the course is mentioned the "Threshold questionnaire" (Data Protection Impact Assessment Methodology - 5.2). Where can I find it? Is it part of the documentation?" -
Data Processing Agreement and Data Processing Addendum
Dear Sir, We usually have our on bilateral commercial agreement with our service provider/partner/supplier. After the implementation of the GDPR, we need to issue another Data Processing Addendum to our partner/supplier. How about the agreement sign after the 25 of May 2018 onward? Do we still need to sign a commercial agreement + Data Processing Addendum? or just All in One agreement with our partner/supplier/service provider? what is the different between Data Processing Agreement and Data Processing Addendum? Please advise. Thanks! -
Adapting documentation language
We have companies in multiple EU countries, ex Belgium, Nederlands, Romania. Do we need the templates in each countries language or we can use the EN language? -
Existing contracts and GDPR
Are our existing contracts good enough, or do we need to amend them with some GDPR specific clauses? -
Processing of sensitive personal data
We have a customer who has a presence in the EU (US Headquarters). They provide us the race and ethnicity of their employees as part of our processing their data for talent assessment and succession planning. The process involves issuing questionnaires to employees and we’re often gathering information not provided by our customer (the employer). For example, an employee is asked to rate his/her own fluency in various languages where the company operates. Currently, we do not have a mechanism for the employee to correct race/ethnicity information, but presumably there is a mechanism to fix it with their human resources department. To me, it appears that we and they are violating GDPR rules against processing this data and placing it in reports. -
The training and awareness program
In the Toolkit, there are templates that allow the fulfillment of the tasks Responsible for the treatment or of the DPO regarding awareness and training of external and internal staff?