We use SaaS vendors quite a lot in our company. How can we fulfill the requirement of having signed Supplier Data Processing Agreements with large SaaS vendors, for example an IBM, Microsoft, Cisco, etc., who are unlikely to sign something like that? Then, at the other end of the size spectrum, how about small vendors who we pay something like $50/mo. who have probably never dealt with GDPR? For example, a small SaaS vendor that hosts calendaring and appointment schedule for our clients.
Processing of publicly available personal data
How does the GDPR apply to software that is crawling the web and gathering publicly available email addresses (in order to help others quickly find business emails connected to a domain)? This is public data (not collected from individuals, but found on websites and also found on Whois). But the what that bothers me is that the data has to be cached/stored so that the software can work and that could be problem. I would really appreciate if you could point me in the good direction of my research. So far I found nothing very relevant (except that for example Whois is still in debate with GDPR representatives).
Applicability of EU GDPR
I work for an American organisation who owns companies all over the world including UK and Europe.
EU GDPR requirements for data controller and data processor
Have you come across EU requirements that Controller and Processor have to be assessed/Certified to hold these positions?
As we prepare for GDPR compliance, being a business that has operations in and transfers EU data subject data to the UK, US, Canada and Australia, would it be a good idea to follow the EU-US Privacy framework or should we consider something else since there’s uncertainty about its ratification?
Data mapping for GDPR
I'm security manager for a university. I would like some advice on how best to approach data mapping for GDPR. We have compiled an information asset register, but this doesn't take account of all our data footprint, so I'm thinking we need to run a discovery tool to verify the results, but they are quite costly. What are your thoughts?
GDPR compliance for accountancy business
I run an accountancy business it’s a limited company and I am the only employee and have no intention employing anyone else. I have 150 clients a blend of sole traders and limited companies and want to know what I have to do - in simple terms to ensure I am compliant with the new legislation?
Data breach notification
We are a virtual dataroom provides. Our customers uploads documents to a dataroom. These could be word, pdf, excel, pictures, etc. The trouble is that there might be highly sensitive personal information in there, but we do not know, since our customers are responsible for uploading. How do I handle this situation in terms of contracts, incident response procedures, etc.
Person responsible for data protection
In various areas of the documentation, it refers to the “person responsible for Data Protection in your organization.” For example: Sect. 3.5 of the Data Retention Policy. Would the IT Manager role be typical for this or would it be someone higher up such as the head of IT? If we have a DPO, would it be the DPO in that case?
How to become GDPR expert
Please explain how to become GDPR expert, what cert is needed?