EU GDPR - Expert Advice Community

  • Existing contracts and GDPR

    Are our existing contracts good enough, or do we need to amend them with some GDPR specific clauses?
  • Processing of sensitive personal data

    We have a customer who has a presence in the EU (US Headquarters). They provide us the race and ethnicity of their employees as part of our processing their data for talent assessment and succession planning. The process involves issuing questionnaires to employees and we’re often gathering information not provided by our customer (the employer). For example, an employee is asked to rate his/her own fluency in various languages where the company operates. Currently, we do not have a mechanism for the employee to correct race/ethnicity information, but presumably there is a mechanism to fix it with their human resources department. To me, it appears that we and they are violating GDPR rules against processing this data and placing it in reports.
  • The training and awareness program

    In the Toolkit, are there templates that allow the fulfillment of the tasks of the Responsible for the treatment or of the DPO regarding awareness and training of external and internal staff?
  • Supervisory authority

    How do I determine who the supervisory authority is?
  • Processor Sub Processor Agreement

    For the prepaid airtime, all the prepaid airtime suppliers deal with the supplier and service provider and supplier; we are all processor and sub-processor and it is a bilateral way. How do we draft it in a processor sub-processor agreement, as we all could be both processor and sub-processor at any time? We can't put it as A is a processor, B is a sub-processor; however, the relationship and status change, as A could be sub-processor and B could be processor at any time, as their identity or status always changes due to being bilateral. How should we identify both Parties and draft it in the agreement? Please advise. Thanks
  • GDPR compliance queries

    As 25-May is approaching, we have a few queries about GDPR compliance.
  • GDPR documents

    I have just finished off our GDPR documentation, and wondered why you haven’t included in your GDPR pack the following process documents:
  • Data Subject Rights under the EU GDPR

    If we, as a Processor, get a DSAR, we are not supposed to respond to it, correct? We are supposed to alert the controller of the data so that they can respond. And that response might require some cooperation or action from us, correct?
  • GDPR - Transfer to the US

    My company is based in the US but has several affiliates / subsidiaries in the EU.
  • Data Breach Response and Notification Procedure

    In the document 9.1_Data_Breach_Response_and_Notification_Procedure_EN.docx, section 11 ‘Managing records kept on the basis of this document’, you have a table with a number of sample records. I am struggling to understand some of the examples you provided.