EU GDPR - Expert Advice Community




  • Process for changing purpose

    Where a new, formerly not envisaged purpose for using previously collected data is defined, and where the original purpose was covered by a "blanket" legal ground, such as "legitimate interest", and so is the new purpose, is it still required to acquire consent from the data subjects (as suggested in the template Privacy Policy)? Or would an update to the Privacy notice for the particular processing activity be sufficient?
  • Data processors

    Is there a version of the GDPR document package, or additional documents that are intended for data processors? I purchased the original EU_GDPR_Documentation_Toolkit, but I really only see documents for data controllers.
  • Company data

    We have already resolved the question about customers in a B2B environment, but why doesn't the "customers' employees" category appear in the scope? What is the difference between "customers" and "suppliers" from the point of view of their employees?
  • DPIA

    1. How to conduct PIA or DPIA?
  • EU GDPR document

    In document 6.2 the title reads "Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)". "The community" would appear to need to be changed to "Company". Please can you confirm.
  • EU GDPR questions

    1. My question is what documentation do we require and what are our responsibilities for both managed and unmanaged services.
  • ID Verification

    What would be the appropriate method of verifying the ID of the person who submits a DSAR, more specifically, if the request isn't done in person (i.e. by phone or e-mail)?
  • Audit team

    Instead of using an external 'independent' audit team from a third party, can we set up an internal audit team that is separate from those who currently manage our security, IT and GDPR processes to audit how well our company is implementing and adhering to our GDPR policies?
  • Exceptions

    In section 7 of the DSAR Procedure document I have some questions.
  • Controller/Processor and DPO

    Our company provides a School Information/Management System to schools worldwide. The schools determine what data they want to collect about the families/students and how they will use it in regards to the operation of the school. We develop, maintain and operate the database where all of this information is stored and accessed by numerous entities in the school and including parents. Employees from our company also access the school site to help in training, importing data into our system, and of course customer support.