Since Data Disclosure Form is a mandate in GDPR, what should be the contents of that (if you can explain in short)?
If there is continuing info being collected such as from an employer, notice could only be given once upfront, correct?
EU GDPR toolkit documents
Beside Privacy Notice do we have to make public available other documents related to GDPR?
Handling the privacy
Employer (e.g., xxx) sends us contact information for every employee globally. Occasionally, a user requests to opt out of our system and prefers we forget them. However, information about them is still delivered everyday from the employer. What are the options for us to handle the privacy of the individual while handling the requests of our customer (the individual's employer)?
What about medical data provided to a doctor, where we provide an online platform for those doctors to organize their agendas with private data. Should the doctor ask the patient their consent for using our online agenda?
Is there a minimum standard for notice over phone sales activities?
Are there fixed qualifications for a DPO, or can a small company nominate a member of staff to be a DPO? Should they be referred to as something else instead?
Inventory of processing activities
Do you have generic lists with 1) the most used processing activities (i.e. for the processing inventory) and 2) general documents for the retention schedule? I had hoped these two documents in particular came pre-populated so that they would be easy to adapt by deleting non-relevant and adding company specific.
3rd Party Integrator Question
Frequently we connect our platform to another vendors system to share data through a web service or integration. We are not subcontracting this vendor. The Data Controller may select multiple vendors to work together to provide a total solution for managing all aspects of a conference or trade show.
Based on the Advisera GDPR Doc: 4.2 Personal Data Protection Policy - 8.2.3 Main Establishment for Non-EU Companies for Data Controllers and Processors: It looks like we are required to have a representative in the EU… is this a service Advisera offers? If so, can you relay the cost structure?