As we prepare for GDPR compliance, being a business that has operations in and transfers EU data subject data to the UK, US, Canada and Australia, would it be a good idea to follow the EU-US Privacy framework or should we consider something else since there’s uncertainty about its ratification?
Data mapping for GDPR
I'm security manager for a university. I would like some advice on how best to approach data mapping for GDPR. We have compiled an information asset register, but this doesn't take account of all our data footprint, so I'm thinking we need to run a discovery tool to verify the results, but they are quite costly. What are your thoughts?
GDPR compliance for accountancy business
I run an accountancy business it’s a limited company and I am the only employee and have no intention employing anyone else. I have 150 clients a blend of sole traders and limited companies and want to know what I have to do - in simple terms to ensure I am compliant with the new legislation?
Data breach notification
We are a virtual dataroom provides. Our customers uploads documents to a dataroom. These could be word, pdf, excel, pictures, etc. The trouble is that there might be highly sensitive personal information in there, but we do not know, since our customers are responsible for uploading. How do I handle this situation in terms of contracts, incident response procedures, etc.
Person responsible for data protection
In various areas of the documentation, it refers to the “person responsible for Data Protection in your organization.” For example: Sect. 3.5 of the Data Retention Policy. Would the IT Manager role be typical for this or would it be someone higher up such as the head of IT? If we have a DPO, would it be the DPO in that case?
How to become GDPR expert
Please explain how to become GDPR expert, what cert is needed?
Compliance of U.S. company dealing with B2B customers
We are a US-based company and we sell our services to EU companies. As part of those transactions, we collect first name, last name, email address, and phone numbers of representatives of those companies, and presumably most of these persons are EU citizens. Do we need to be compliant with the GDPR?
All articles of the GDPR
Do you have Any document that brings up all articles (all 99), with the recommended approach or obligatorisk recuirements per article?
A path between the ISO 27001 certification and the GDPR toolkit
I previously purchased the ISO 27001 toolkit and am working with a client with implementation. Is there a path between the work we have and will do for ISO 27001 certification and the GDPR toolkit?
GDPR implementation process in a non-EU country
Can you discribe a process for non EU country like Montenegro? Do my company (bank) from Montenegro has to implement GDPR considering that our country is in process of completing requirements for joining EU which hopefuly can be done in next few years.