Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • SAR

    Employees, like other data subjects, have the right to access their personal data. When you receive a SAR (Subject Access Request) you need to reply without undue delay (usually one month) and you can extend such a period to another month for complex requests.

    You need to give access to the employee to data stored excluded for documents subjects to legal privilege (i.e. legal advice on the employee), data concerning third parties, disproportionate request.

    You should also inform the employee about the categories and the purposes of data processing, how data have been processed, the legal ground of processing, the source of data (if data were not communicated by the employee), data retention periods, other data subjects rights, if data had been transferred to third parties, security measures if any automated processing method applies. Usually, all this information is included in the employee privacy policy.

    Please consider that if the SAR is too generic you can ask for clarification to the employee, if the employee is not legitimate to access, you can reply with a denial, but do not ignore the request otherwise the employee can lodge a complaint to the Data Protection Authority of your country.

    Here you can find more information:

    If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • 15223-1 and 13485 certification question

    Do i need to purchase iso 15223-1 in order to comply with a medical device app?

    Yes, you need to purchase this standard. But please be careful because the new revision of this standard is currently under development: ISO/DIS 15223-1 Medical devices — Symbols to be used with medical device labels, labeling, and information to be supplied — Part 1: General requirements.

    There are some new symbols that are applicable to all medical devices, regarding the type of medical device.   

    Furthermore, can the iso 13485 certification and the CE certification be done by the same organization?

    Yes, both certifications can be done by the same Notify body, moreover, it is recommended and expected. 

    The following article regarding compliance with the MDR requirements for medical device labels can be helpful:

Page 289-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +