1) How long can we keep personal data, that we received via out website for?
GDPR Compliant Media Release form
I am looking for a GDPR Compliant Media Release form to cover consent for photographs or video to be used in printed material and social media. I am unsure as to which of your docs will be relevant. Can you help?
Article 20 Right to data portability
Article 20 Right to data portability -
How are the smallest businesses affected, and are all businesses required to do this; if not which types of businesses are exempt? Are you required to do this if your business is an eCommerce site that just takes name, email and tel details? Are you required to do this if you simply handle inquiries from clients via online forms and hold no databases? How does this affect the use of facilities such as Mailchimp and Awebber for email gathering and newsletters etc.? What if you generate leads for a company and pass on details of either businesses or private individuals as part of that contract? How would you deal with that aspect?
EU GDPR in school
In a School environment, how do we ensure that we have a Privacy Notice that is suitable for a 13 year old? Particularly as not all children will have the same attainment level.
Data Disclosure Form
Since Data Disclosure Form is a mandate in GDPR, what should be the contents of that (if you can explain in short)?
If there is continuing info being collected such as from an employer, notice could only be given once upfront, correct?
EU GDPR toolkit documents
Beside Privacy Notice do we have to make public available other documents related to GDPR?
Handling the privacy
Employer (e.g., xxx) sends us contact information for every employee globally. Occasionally, a user requests to opt out of our system and prefers we forget them. However, information about them is still delivered everyday from the employer. What are the options for us to handle the privacy of the individual while handling the requests of our customer (the individual's employer)?
What about medical data provided to a doctor, where we provide an online platform for those doctors to organize their agendas with private data. Should the doctor ask the patient their consent for using our online agenda?