Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • EU GDPR interpretation and transferring data

    1. Binding Corporate rules - are these the only way to transfer data from inside the EU to outside the EU (to UK and EU)

    No, you can transfer data based on an adequacy decision under Article 45 GDPR. This applies when the transfer is towards one country that the EU Commission considers providing an adequate level of security for the freedom and rights of individuals.

    The European Commission has so far recognized Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay as providing adequate protection.

    Here you can monitor countries if new countries enter. There are ongoing talks with South Korea and the procedure for the adequacy decision of the UK has been launched on February 19th: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

    In case of an adequacy decision, you can transfer data (being compliant with all other GDPR requirements).

    In case the adequacy decision is missing you can either apply appropriate safeguards under article 46 GDPR adopting:

    • Standard contractual clauses approved by the EU Commission
    • Agreements approved by Surveillance Authorities
    • And (of course) Binding Corporate Rules.

    2.Which EU region has the toughest interpretation of GDPR?

    It is hard to say because the EU Surveillance Authorities of the 27 Member State meet in the European Data Protection Board (EDPB) where they adopt Guidelines to harmonize interpretation among EU countries and avoid different levels of interpretation.

    Here you can find more information on data transfer under GDPR:

    You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Predictive Maintenance

    There are many predictive maintenance methods and this topic is related to machine type. It is a type of oil analysis. Apart from that, it can be used in other methods such as vibration, heat, sound, ampere, voltage, etc

  • Implementing GDPR rules in company without DPO

    You can implement GDPR rules by yourself. Start preparing a project plan of GDPR implementation and conduct a readiness assessment in order to verify what you need. Then, adopt policies and top-level documentation, prepare the Inventory of processing activities and define how to process personal data. You need to prepare information to data subjects (employee, customers, and suppliers) so implement the appropriate privacy notice for your website or contracts and verify if you need consent as a legal basis.

    You should implement also a policy on how to manage data subject rights and increase awareness on data protection and data subject rights on your employees. You should check if there is any transfer of data outside the EU and if it is covered by the appropriate legal basis. Then, verify security measures and implement a policy in case of data breach.

    Here you can find more information on how to implement EU GDPR:

    This EU GDPR Documentation Toolkit will provide you with clear steps and all the required documents to become compliant with GDPR: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

    Here you can find more information on how to start implementing EU GDPR rules:

    If you want to learn how to implement the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

  • QM where its mentions the requirement of cl. 4.1.1, 4.1.2, 4.1.3, 4.1.4 separately

    The Quality Manual serves as the core of the QMS, documenting a description of the organization’s structure, and stating how the requirements of impartiality and confidentiality along with requirements for structure, resource, process and management are met.  Remember if you were implementing without a toolkit, you would document what you do, then look at the standard and fix the gaps. It is not advisable to implement by a copy approach from the standard and where it states, for example  “The lab shall..”, a laboratory simply states, “We do..” The approach taken with the Toolkit is not to document each subclause in the Quality Manual; otherwise, a laboratory might as well just extract the information straight from the Standard. It is a more effective approach to look at each activity / requirements of ISO 17025; for example, Impartiality, review each subclause (e.g., clauses 4.1.1 to 4.1.5) and state how these are met. Of course, if you prefer to structure the manual directly linked to each subclause, that is your choice.

    The manual does in fact cover all the subclauses 4.1.1 to 4.1.5. In some sentences the stated process covers more than one subclause- a reason for not just listing each subclause. For example, for a sentence you can see in the preview – “[Job title] ensures that laboratory personnel are free from pressures both internal and external that may compromise the results of their work” , the toolkit indicates this is typically the Quality Manager; so this statement covers both subclause 4.1.1 - activities to be structured and managed to ensure impartial and 4.1.2 - management must be committed to impartiality.

    My suggestion is when you go over the toolkit Quality manual and your procedures you review where you cover the requirements. This is an important part of awareness. If you prefer, you can indicate the subclauses in brackets after each section.

    For more information on what is required for ISO 17025 impartiality, read the whitepaper Clause-by-clause explanation of ISO 17025:2017, section 4.1, available for download from https://advisera.com/17025academy/free-downloads/ and preview the toolkit further at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

  • Why ISO 13485 didn't implement changes and format of ISO 9001:2015 edition?

    Until the introduction of the high-level structure in 2015, ISO 9001:2008 and ISO 13485:2003 were very similar standards.

    Unfortunately, corrections on the ISO 13485:2003 took too long. The new version of ISO 13485 has been decided to be released in 2016 although it relies on ISO 9001: 2008. So when ISO 9001:2015 was finally released with the new structure, 13485: 2016 was also already ready for release with the ISO 9001: 2008 structure. Then the ISO organization decided to release 13485 with the old structure.

    For more information on similarities between ISO 9001 and ISO 13485, see the following article:

Page 204-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +