I would like to clarify if supplier information provided to my organization such as Name , address, email address on invoices should be treated as personal data under GDPR. Is B2B out of scope?
The kind of information I am looking for is whether a website will be able to automatically serve location-based content. Since this require the website to identify the user's location (considered personal data under the GDPR) - would users need to agree to the website extracting this information automatically?
Cross border processing
I would like to know if cloud services are considered as “cross border processing” like google or Microsoft?
I'm going through the personal data protection policy. There's a section on supervisory authority.
Consent and Privacy notice
If possible, I would just need a few clarifications:
Personal data visibility
I have another question for you about GDPR implementation.
GDPR in school
We came across another weird situation. There is a German based school in the US that we supply our product to. This is a school for children of EU citizens that currently live in the US and send their children to this school.
As a German company may we create the documents in English only?
A small IT organization manages another companies IT infrastructure. Though they do not actually "view or access" the records of the controllers data, they do move files and perform everyday automated functions (backups for example) and also perform manual restores or changes to file permissions for example. They are therefore a Processor, but should each activity be logged / recorded ?
Creation of the GDPR privacy notice
I am hoping you can clear up a couple of questions regarding the creation of our GDPR privacy notice using your template.