As a non-profit organisation, we don't sell products, but send emails to promote our activities. We use 2 types of databases:
Categories of Personal Data
In the Inventory of Processing Activities Document, there is a column labelled „Categories of Personal Data“. The question is: What do we place in that column? Is it all the data included in this processing activity, which can be a lot of information, or is it only the data that directly identifies the „Data Subject“?
Contract with processors
I have a question regarding GDPR relating to processor in the US. They refuse to take on liability for material breach of GDPR rules from their end .Is that not what ought to be common standard here?
Third Party and cross border transfer data
1. What the difference between data Recipient and Third Party?
Personal data protection policy
1. What is the main difference between the Personal data protection policy and the Employee Personal data protection policy? Do I need both of them?
I have a hypothetical scenario…
Data Processor Addendum
I have a question on whether we would require to sign a Data Processor Addendum that Customers are requesting. We supply Reporting Software, we are not a cloud based solution and request a users name/email address when they register to use the application for the first time. We also provide a Support Portal (online) that requests a separate name/email address for access. One other element is that our products can send back product usage information identified by the person using the product (this is optional by the user).
Records of consent
How can someone, who is doing email marketing and that has a good database but has no record of consent - just record of all subscriptions, go seek permission? Are we going to use consent or legitimate interest?”
Data Subject Consent Form
In your documentation toolkit, it's stated "Data Subject Consent Form" is mandatory, I don't understand why should I develop such a form/document for my company that seems will never use it as long as we keep the same purposes of processing personal data. Am I correct?”
Scope of the IT Security Policy (Doc 8.1)
What is the scope of the IT Security Policy (Doc 8.1) included in the EU GDPR Documentation Toolkit?