EU GDPR - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Handling the privacy

    Employer (e.g., xxx) sends us contact information for every employee globally. Occasionally, a user requests to opt out of our system and prefers we forget them. However, information about them is still delivered everyday from the employer. What are the options for us to handle the privacy of the individual while handling the requests of our customer (the individual's employer)?
  • Medical data

    What about medical data provided to a doctor, where we provide an online platform for those doctors to organize their agendas with private data. Should the doctor ask the patient their consent for using our online agenda?
  • Minimum standard

    Is there a minimum standard for notice over phone sales activities?
  • DPO

    Are there fixed qualifications for a DPO, or can a small company nominate a member of staff to be a DPO? Should they be referred to as something else instead?
  • Inventory of processing activities

    Do you have generic lists with 1) the most used processing activities (i.e. for the processing inventory) and 2) general documents for the retention schedule? I had hoped these two documents in particular came pre-populated so that they would be easy to adapt by deleting non-relevant and adding company specific.
  • 3rd Party Integrator Question

    Frequently we connect our platform to another vendors system to share data through a web service or integration. We are not subcontracting this vendor. The Data Controller may select multiple vendors to work together to provide a total solution for managing all aspects of a conference or trade show.
  • Representative srvices

    Based on the Advisera GDPR Doc: 4.2 Personal Data Protection Policy - 8.2.3 Main Establishment for Non-EU Companies for Data Controllers and Processors: It looks like we are required to have a representative in the EU… is this a service Advisera offers? If so, can you relay the cost structure?
  • SAAS type services

    Since we do have a SAAS application we’re struggling with the scope. We’ve roughly 2 things to take care off:
  • Inventory of processing activities and retention schedule

    Do you have generic lists with 1) the most used processing activities (i.e. for the processing inventory) and 2) general documents for the retention schedule? I had hoped these two documents in particular came pre-populated so that they would be easy to adapt by deleting non-relevant and adding company specific.
  • Data retention policy

    The template for data retention policy and schedule seems to cover all types of documents and information in the company. Is that necessary according to GDPR, or is it only necessary to have a policy and retention schedule for documents containing personal data? Managing all documents seems to be a significantly larger task than only those with personal data?
Page 89 of 96 pages