I have a question about what detail to include in the Appendix 2 in the Standard Contractual Clauses. How much detail is required when providing a “Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)?
We are a data processor under the GDPR. Can you please advise how relevant your GDPR templates are for us as they appear to designed for Data Controllers?
1. We are screen grabbing comments and sending to clients from Facebook, that includes names/comments of other Facebook users. We use these in our reports and send to clients. Are we able to still do this?
Standard list of types of personal data
We were wondering if there was a standard list of types of personal data, we have a list from a customer that defines 9 types including “Financial Data” and “Employment Details” etc.? Also is there a standard list of Categories of Data Subject, again we have a list of 9 from a customer including “Agents and Contractors” and “Suppliers” etc?
Process for changing purpose
Is there a version of the GDPR document package, or additional documents that are intended for data processors? I purchased the original EU_GDPR_Documentation_Toolkit, but I really only see documents for data controllers.
We have already resolved the question about customers in B2B environment, but why doesn't appear in the scope the "customers employees" category..? What the difference between “customers" and “suppliers" from this point of view of their employees..?
1. How to conduct PIA or DPIA?
EU GDPR document
In document 6.2 the title reads "Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)- “the community” would appear to need to be changed to “Company”. Please can you confirm.
EU GDPR questions
1. My question is what documentation do we require and what are our responsibilities for both managed and unmanaged services.