EU GDPR - Expert Advice Community

  • Meeting the requirements of the Regulation

    If someone has subscribed to receive communications from us (for example, we have an E-alert service on our website), do these people need to opt back in to GDPR? We have gotten emails from a few companies asking us to re-subscribe to continue receiving information, but I wasn’t sure if this was considered mandatory under the GDPR, as technically, the individuals had already subscribed of their own accord, pre-GDPR. Hope that makes sense, and thanks in advance for your help.
  • DPIA Register template

    There is an EU GDPR Documentation Toolkit with a DPIA Register template in it. The description says: "A document used by the organization to document the Data Protection Impact Analysis – it consists of the Threshold questionnaire that analyzes which data processing activities need to be analyzed and the DPIA questionnaire that assesses the risks and defines the security measures/safeguards." My question: does that include a risk database, or is it a spreadsheet I can only fill in myself? In other words, do I need to identify the risks myself, or is there a list I can choose from?
  • Policies and procedures

    For the templates provided in the toolkit and the procedures and policies listed as mandatory, how much can we edit the procedures and policies and still ensure compliance? I see there are comments in some documents that specify that this cannot be deleted, as it is mandatory by law. Does this apply to all of the documentation provided by the toolkit?
  • Consent form

    Hi, I am launching a new company which requires the collection of personal data to be used for a pilot study. I would like a consent form which complies with the new GDPR. Can you help?
  • GDPR Implementation

    So once I have all my policies and processes in place, what is the best way for me to determine that all the teams in my organisation are in compliance on a day-to-day basis? I intend to use a framework such as BS10012 or ISO27552, but I'm not sure if there is a need to be more granular. It's my belief there is an onus on everyone, and heavily on managers/team-leaders, to make sure they are following the new practices. Thoughts welcome, please.
  • Collecting consent

    We operate a call center. My GDPR consultant said I can state intention and collect consent via the same method (phone) that the PII was collected. This test question disagrees?
  • GDPR related question about SPAM email

    Hello, I have a GDPR-related question about SPAM email. I got a spam email from some random company which I haven't used any services from, and I didn't give them my information. At the bottom of the email, it says something like "if your unsubscribe link doesn't work, please send us an email... Related to local regulations, this email can't be treated as SPAM because it includes contact information about the sender and you have the option for unsubscribing". I checked the local (Croatian) law, and it says something like that companies can use contact information from their users/customers in the cause of sales, promotion with the possibility of unsubscribing. I never gave them my contact information. How could we look at this from the EU GDPR context?
  • Appendix for Inventory of Processing Activities

    When preparing the Appendix for Inventory of Processing Activities, should the categories of personal data be attribute-specific, such as name, phone number, address, etc., or can it just be categorized as personal data or sensitive personal data without listing each attribute being processed?
  • Incentives to collect opt-ins from user

    To what extent can a controller provide incentives to collect opt-ins from users?
  • Specific consent

    So for instance, do we need specific consent from clients in order to process personal data in pipe drive?