EU GDPR - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Security Framework

    Does GDPR require that a company be certified under a particular security framework like ISO 27001, NIST, etc. to be considered GDPR compliant? Or, can a company still be GDPR compliant if they follow the standards set by those frameworks but not actually be officially certified by that framework?
  • Pseudonymization

    Is there a recommendation on how to properly secure data that’s been pseudonymized? For example, if not using encryption, does having the “real” data separated by a firewall and restricted access control from the pseudonymized data considered an acceptable security measure? Bottom line, what is considered “appropriate technical security measures” when it comes to pseudonymization?
  • Consent required

    Where a company has an existing mailing list for emails, is consent required? If they're already doing business with the company, is consent required? Is consent required before sending an initial email?
  • Documents to be produced.

    So in the toolkit, document 01.2 there is a (long) list of documents to be produced during the project. Should all documents be produced in every situation? E.g. are they all relevant for a SAAS software developer which is basically only a data processor and not a data controller?
  • Data Subject Access Form

    I have bought the GDPR toolkit. Which document(s) cover the data subject's right to be forgotten / right to erasure?
  • Security policy

    I have a technical question about the documents. In document 7.2 ANNEX 2 1a "Processor must document a security policy ", what document is "security police"? I can not find a document with this name.
  • Legal grounds

    Help me identify the following: Which legal grounds are available besides the legitimate interests of business?
  • EU GDPR for the banking sector

    I would like to know the specific data protection requirements that have to be defined during a bank development project in terms of the software development cycle and which meets the DSGVO requirements. Can you please help with a template?
  • Data Protection Officer

    We’re only starting with the GDPR toolkit, but I’ve an important question that you may be able to answer. The template mention the DPO a lot and we decided to not appoint one as we don’t have to, how should we go about it? Who should be there instead? (separately I wonder if there’s a specific requirement regarding the format of the record for the decision not to have a DPO?)
  • Showing data on request of data controller

    So since we are a data processor (SAAS) almost everything we do with (personal) data is on request of the data controller. If our customer requests to show certain personal data which could be in conflict with the GDPR should we inform them about this and provide the functionality or are we responsible to tell them we won't agree on data which might conflict with GDPR? An example is a public page where members can be found. - Yes, we can provide an extra check where the member must agree on showing their data 1. What if the customer doens't want to use it, who is responsible? 2. On which personal data is the extra confirmation applicable? (name, birth date, city, etc., all?)
Page 92 of 97 pages