When carrying out a DPIA, is it acceptable to use a FREE DPIA template from a reputable company on the Internet if it appears to have all the required elements?
DPIA and risk assessment
How does DPIA differ from an ISO27K risk assessment?
DPIA according to EU GDPR
Please confirm whether it's related to information security and management systems?
In a previous post, Advisera (Andrei) indicated that we are not required to send any of our completed documentation to our Supervisory Authority (I assume it’s only required in the event of a breach or complaint). If we’ve completed all our documentation and we feel that we have the proper processes and procedures in place who actually determines or how do we know if we’re GDPR-compliant?
Need for Data Protection Impact Assessment
We currently have lots of processes in place, including a risk register, so we assess and measure risk. I'm not sure whether we need a DPIA?
As a complete beginner on the subject, I am wondering whether the need to perform a DPIA depends on the size of the company. In other words, do you treat a one-man company differently to a company with 200 plus employees? On an even simpler level, does my own business contact list also fall within the GDPR, and must it be maintained separately from my personal contact list?
Article 30 Records of processing activities
I’ve had a chance to look through the Toolkit and I don’t see anything relating to reporting requirements. Specifically, I’m wondering if you have a template for Article 30 reporting and/or any other report requirements. Am I missing that in the templates or is that something Advisera doesn’t have at this time?
GDPR Documentation Process
Let’s say we’ve completed all our GDPR documentation, policies, and our contracts, processes, etc. are GDPR-compliant, what happens next? Are we supposed to send it to the ICO/SA (we’re in the UK) or do we hold onto it until requested by the SA?
Controlling customer data
I wanted to ask you a question about GDPR in relation to controlling CUSTOMER (DEBTOR) data. As this is not PERSONAL data, GDPR doesn't apply. Correct?
Employee background check
Can you please provide clarity on employee background checks as it relates to ISO 27001 and GDPR? My understanding is from an ISO 27001 standpoint it’s not necessarily required but it should be part of the risk assessment as to whether or not to perform them. With GDPR, my understanding is that it actually won’t even be allowed anymore?