Our company wants to hire an external DPO and asked me to be the internal DPO for 2018. My question is, what are my tasks, and is this normally how it goes? What can I expect from the external DPO and what will be expected from me? Which questions do I need to ask the external DPO?
Publishing personal data
We are in the US and have a facility in the EU. We posted employee birthdays on a monitor in our lobby. Will we be able to do this under GDPR? I assume we will need to get specific consent for this?
BS 10012: 2017
What about BS 10012: 2017 (based on GDPR)?
Performing DPIA in companies
Can we comply with the GDPR without performing a DPIA, even for large companies?
Right to object
If a customer objects to certain processing, e.g. marketing or exporting data to third countries, is the controller or processor allowed to deny all services to the customer? If yes, then actually there is no real 'right to object'?
Data Processors and DPIA
Is a Data Protection Impact Assessment mandatory for Data Processors?
Data Protection Impact Assessment and BIA
Can this be tied into our BIA in ISO 22301?
Legacy backup data
How do you address RTBF with potentially years of legacy backup data?
Employee data privacy
As we are an enterprise telecom service provider, we shall focus on employee data privacy only. Is that enough?
Difference between DPIA and data processing risk assessment
What is the difference between DPIA and data processing risk assessment (when you perform in order to decide which controls need to be implemented in order to assure data security)?