EU GDPR - Expert Advice Community

Home / EU GDPR

Discussions

Top Contributors

Expert

Rhand Leal

4048
Discussions
Expert

Carlos Pereira da Cruz

1895
Discussions
Expert

Dejan Kosutic

366
Discussions

Most Popular Tags

Product: Conformio Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISMS Product: ISO 13485 Documentation Toolkit Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Internal Audit Product: ISO 27001/Risk Assessment Table Certification ISO 14001 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Verifying customers' identity

    Should we be verifying customers' identity via email when the email they are contacting us from is the same email they used to purchase a product from us?

  • Proof of compliance with GDPR & Data Subject Request Register

    When a client of ours asks for proof of GDPR compliance what do companies normally provide? Also, in the 07.24_Data_Subject_Requests_Communication_Register_Premium_EN document I don't see a slot for the name/email of the data subject. Part of me thinks that makes sense as if you are asked to delete their info yet keep it in that document then you technically didn't completely delete it? The other part of me wonders how that demonstrates compliance when you can't link it back to a particular data subject request?

  • Using messages as evidence

    Hi there, I am hoping that you may be able to help me with a question relating to GDPR in the workplace. We currently have a situation at work where a colleague has provided us (a business) text messages with another colleague. These messages may be included as evidence within an upcoming grievance. My question is, can the organisation simply take these messages and use them as evidence, or does this constitute 'processing' under GDPR as they have now been passed from an employee to the business (the employer). Will we need to gain consent from both individuals to use these messages? I think it is also worth noting that these messages were sent on an encrypted messaging service similar to WhatsApp, on personal devices. We are concerned that the employee who did not provide the messages, may raise possible GDPR compliance issues around processing such data which is identifiable. Any support on this matter would be greatly appreciated.

  • LSA

    we (company) do business in the EU but do not have a need for an LSA.. can our company residing in the USA be considered the LSA?

  • Conversion to UK version of GDPR

    I work for ***. Several years ago I purchased your organization's EU GDPR toolkit and used it to assist in preparing my organization for GDPR. As we are a UK firm, in a post-Brexit world we do fall under the UK data protection legislation. I am wondering if you have a similar package related to the UK law. That being said, I recognize the two laws (EU and UK) are quite similar, so perhaps your advice would be to use the same policies and procedures, but to simply reference the UK law in place of the EU law. Please let me know your thoughts when you get a chance.  

  • Is link to LinkedIn private use ?

    I understand that a website does not need to have a privacy policy if it is not commercial and only for private use. I would like to verify that my website meets this criteria. My website consists only of one page which shows two buttons. One button is linked to my LinkedIn profile, the other one to my Xing profile (german version of LinkedIn). I am employed, not self-employed, and will not use any analytics such as Google Analytics.   Does my website need a privacy profile? I prefer not to have a privacy policy on my website because I do not wish to share my address on the internet.

  • Application of GDPR to emailed CVs

    Good day, I completed the online GDPR course last year but still have to do my exam. As the Office Manager of a biopharmaceutical company, I receive multiple CVs from jobseekers on a weekly basis. There is no ongoing or active recruitment process. These jobseekers just take a chance and send their CVs looking for a job. What is my obligation as the DPO of this company? What do I need to do with these CVs so that we remain compliant with GDPR? Any advice would be much appreciated.

  • Privacy Notices

    Do we need seperate or indeed any privacy notices for forms filled out by staff. These forms are not processed by any 3rd party. they are internal only and are for the purpose for someone to fulfil their role. Like a form requesting permission to access a folder.

  • Can company share their employee personal data?

    I need to ask a question because I was not able to find one of the situation which makes me confused about GDPR. Company which have become our customer and bought service from us do share via email his employees personal data (name, last name and email) so we can create access for them on our portal. When they access portal, they will be asked to accept privacy policy and give consent (GDPR stuff)... is that ok from law side, to have personal information of company employees and after they login for the first time to accept policy? Also what will happen if some of the users never login, or don`t login for a long period and we made account for them, but user haven`t accepted privacy policy and gave consent to us?

    How can we overcome this situation? Do you know if we can still be GDPR compliant with this situation?

  • Acting as DPO

    I wonder if I could act as DPO in a little company being Infrastructure & Security manager. This could be a position with conflict of interest. Even if DPO is not mandatory in such a little company.
Page 9 of 96 pages