There is an EU GDPR Documentation Toolkit with a DPIA Register template in it, and the description says: "A document used by the organization to document the Data Protection Impact Analysis – it consists of the Threshold questionnaire that analyzes which data processing activities need to be analyzed and the DPIA questionnaire that assesses the risks and defines the security measures/safeguards." My question: does that include a risk database, or is it only a spreadsheet I can fill in myself? In other words, do I need to identify the risks myself, or is there a list of risks I can choose from?
Policies and procedures
Regarding the templates provided in the toolkit and the procedures and policies listed as mandatory: how much can we edit the procedures and policies and still ensure compliance? I see there are comments in some documents specifying that certain text cannot be deleted, as it is mandatory by law; does this apply to all of the documentation provided by the toolkit?
Hi, I am launching a new company which requires the collection of personal data to be used for a pilot study. I would like a consent form which complies with the new GDPR. Can you help?
So once I have all my policies and processes in place, what is the best way for me to determine that all the teams in my organisation are in compliance on a day-to-day basis? I intend to use a framework such as BS10012 or ISO27552, but I'm not sure if there is a need to be more granular. It's my belief that there is an onus on everyone, and heavily on managers/team leaders, to make sure they are following the new practices.
Thoughts welcome, please.
We operate a call center. My GDPR consultant said I can state the intention and collect consent via the same method (phone) by which the PII was collected. This test question disagrees?
GDPR related question about SPAM email
Hello, I have a GDPR-related question about spam email. I got a spam email from some random company whose services I have never used, and I didn't give them my information. At the bottom of the email it says something like "if your unsubscribe link doesn't work, please send us an email... Related to local regulations, this email can't be treated as SPAM because it includes contact information about the sender and you have the option for unsubscribing". I checked the local (Croatian) law, and it says something like: companies can use contact information from their users/customers in the course of sales and promotion, with the possibility of unsubscribing. I never gave them my contact information. How could we look at this from the EU GDPR context?
Appendix for Inventory of Processing Activities
When preparing the Appendix for Inventory of Processing Activities, should the categories of personal data be attribute-specific, such as name, phone number, address, etc., or can they just be categorized as personal data or sensitive personal data without listing each attribute being processed?
Incentives to collect opt-ins from user
To what extent can a controller provide incentives to collect opt-ins from users?
So, for instance, do we need specific consent from clients in order to process personal data in Pipedrive?
Privacy Notices Under the EU GDPR
As an organization, we don't have any European employees (citizens) working in our company. However, the sales team works with European customers and has their names, phone numbers and email IDs, which are stored only in the database. We don't share this data with anybody and use it only to communicate with the respective customers. Do we need to get consent from these European customers, and how do we get consent from each individual European customer for maintaining the data on our side?