EU GDPR - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Privacy notice

    If there is continuing info being collected such as from an employer, notice could only be given once upfront, correct?
  • EU GDPR toolkit documents

    Beside Privacy Notice do we have to make public available other documents related to GDPR?
  • Handling the privacy

    Employer (e.g., xxx) sends us contact information for every employee globally. Occasionally, a user requests to opt out of our system and prefers we forget them. However, information about them is still delivered everyday from the employer. What are the options for us to handle the privacy of the individual while handling the requests of our customer (the individual's employer)?
  • Medical data

    What about medical data provided to a doctor, where we provide an online platform for those doctors to organize their agendas with private data. Should the doctor ask the patient their consent for using our online agenda?
  • Minimum standard

    Is there a minimum standard for notice over phone sales activities?
  • DPO

    Are there fixed qualifications for a DPO, or can a small company nominate a member of staff to be a DPO? Should they be referred to as something else instead?
  • Inventory of processing activities

    Do you have generic lists with 1) the most used processing activities (i.e. for the processing inventory) and 2) general documents for the retention schedule? I had hoped these two documents in particular came pre-populated so that they would be easy to adapt by deleting non-relevant and adding company specific.
  • 3rd Party Integrator Question

    Frequently we connect our platform to another vendors system to share data through a web service or integration. We are not subcontracting this vendor. The Data Controller may select multiple vendors to work together to provide a total solution for managing all aspects of a conference or trade show.
  • Representative srvices

    Based on the Advisera GDPR Doc: 4.2 Personal Data Protection Policy - 8.2.3 Main Establishment for Non-EU Companies for Data Controllers and Processors: It looks like we are required to have a representative in the EU… is this a service Advisera offers? If so, can you relay the cost structure?
  • SAAS type services

    Since we do have a SAAS application we’re struggling with the scope. We’ve roughly 2 things to take care off:
Page 90 of 97 pages