Does data belong to the controller or the subject?
Privacy Shield
In your GDPR training video you outline that "as of the time that the video was created, the United States and Canada was still not recognized as having adequate data protection". Has this changed, or is this still the case?
User data from 3rd party integrations
Do we need to delete user data from 3rd party integrations? For example, our users integrate and send their submissions to Google Drive, Dropbox or Box. Do we have any obligations to inform 3rd parties about a deletion?
Article 37
I read that an appointment of a Data Protection Officer is obligatory under certain conditions (Article 37), namely:
Photograph and Document of Employees
1. Does a company need express consent from an employee to use their photograph on the company's website, to store a photo for communication and advertising purposes, and to store a copy of an official document from them (e.g., driver's license) for the purpose of confirmation of identity?
Becoming GDPR compliant
With data we already use for marketing purposes, what do we need to do to be GDPR compliant? Do we need to opt all data subjects out or is it acceptable to only have new clients opt in on their request?
Employees consent
Under the GDPR, are employees required to sign a consent form in order for the business to process their personal data? Or, is it understood that the company has a lawful basis for processing the data due to the following from the GDPR: "(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"? Based on the above, it does not seem employee consent is required in order to do things like providing their data to your payroll provider, which can contain sensitive information. Can you confirm, or suggest if I have misinterpreted?
Cross-border transfer
I am having a hard time understanding the requirements for the cross-border personal data transfer procedure. If personal data is stored electronically, yet is only accessible within your organization, does that mean it falls under this policy? As an example, we have an HR system with information on UK employees. HR staff in the US can access this. However, the data is not being sent to a third party; it is all retained within our organization. Is this considered a cross-border transfer, or not?
Using DPIA
1. Is a DPIA required for an employee background check, and for storing sensitive data on an employee?
Publishing Privacy Policy
As we are an outsourced contact center provider, we are the data controller in terms of HR, recruitment, etc. Putting the Privacy Policy on the website doesn't seem right to me, as this is also used for prospective new clients. How would this work for us? The same goes for DSAR requests: our website doesn't seem the right place to put this information, but I don't know where else we could.