EU GDPR - Expert Advice Community

  • Parental consent

    As it relates to the data processing for a data subject under the age of 16, does the GDPR require specific/implicit parental consent in a case where that child is listed by the parent(s) as a beneficiary to an insurance policy, investment, etc.?
  • Security Framework

    Does GDPR require that a company be certified under a particular security framework like ISO 27001, NIST, etc. to be considered GDPR compliant? Or, can a company still be GDPR compliant if they follow the standards set by those frameworks but are not actually officially certified by that framework?
  • Pseudonymization

    Is there a recommendation on how to properly secure data that’s been pseudonymized? For example, if not using encryption, is having the “real” data separated by a firewall and restricted access control from the pseudonymized data considered an acceptable security measure? Bottom line, what is considered “appropriate technical security measures” when it comes to pseudonymization?
  • Consent required

    Where a company has an existing mailing list for emails, is consent required? If they're already doing business with the company, is consent required? Is consent required before sending an initial email?
  • Documents to be produced.

    So in the toolkit, document 01.2, there is a (long) list of documents to be produced during the project. Should all documents be produced in every situation? E.g. are they all relevant for a SaaS software developer which is basically only a data processor and not a data controller?
  • Data Subject Access Form

    I have bought the GDPR toolkit. Which document(s) cover the data subject's right to be forgotten / right to erasure?
  • Security policy

    I have a technical question about the documents. In document 7.2 ANNEX 2 1a "Processor must document a security policy", what document is "security policy"? I cannot find a document with this name.
  • Legal grounds

    Help me identify the following: Which legal grounds are available besides the legitimate interests of business?
  • EU GDPR for the banking sector

    I would like to know the specific data protection requirements that have to be defined during a bank development project in terms of the software development cycle and which meets the DSGVO requirements. Can you please help with a template?
  • Data Protection Officer

    We’re only starting with the GDPR toolkit, but I’ve an important question that you may be able to answer. The template mentions the DPO a lot, and we decided not to appoint one as we don’t have to. How should we go about it? Who should be there instead? (Separately, I wonder if there’s a specific requirement regarding the format of the record for the decision not to have a DPO?)