Search results

Compliance check: Controller with no establishment and/or representative in EEA - Data and processing happens within EEA

In order to be compliant, you need to appoint a representative in the EU this is an obligation of the controller stated in Article 27 GDPR and you should appoint it in Ireland since you are going to store data in that country. In fact, according to Article 27 paragraph 3 GDPR  “The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are.”

You don’t need a representative if the processing:

• is occasional,
• does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offenses referred to in Article 10,
• and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope, and purposes of the processing.
• is carried by a public authority or body. 

Appointing a representative is not too difficult, you require a service contract with an individual, a company, or organization established in the EU, who must be able to represent you regarding your obligations under the EU GDPR (e.g. a law firm, consultancy or private company).

Of course, you need also to comply with all the GDPR requirements.

You can find more information here:

• What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
• 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/ 

You can also consider enrolling in our free EU GDPR Foundations Course

EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Meaning of "E" in ISO 27001:2013(E)

The (E) complement at the end of the name of the standard means the language on which it was written was English. According to the ISO/IEC Directives, Part 1 Consolidated ISO Supplement, ISO official languages are English (E), French (F), and Russian (R): https://www.iso.org/sites/directives/current/consolidated/index.xhtml

ISO27001 Documentation and Accreditation - Thank you!

I received notification from my Auditor today that we have achieved accreditation with 0 non-conformities and in 6 months from commencement.  I had never tackled this type of thing before I would like to say that I don't believe this would have been acheived had I not purchased your documentation and training videos along with this discussion site.  I thank you very much for your support and material, it proved invaluable to me.  

My next challenge will be ISO9001 and I will not hesitate to purchase your documentation again for this standard.

ISO 13485:2016 clause 4.1.1 - documenting roles

You can also present it in some chart, in the table or just in the text where you will describe the roles of a particular entity.

• EU MDR Article 11 Authorised representative https://advisera.com/13485academy/mdr/authorised-representative/
• EU MDR Article 13 General obligations of importers https://advisera.com/13485academy/mdr/general-obligations-of-importers/
• EU MDR Article 14 General obligations of distributors https://advisera.com/13485academy/mdr/general-obligations-of-distributors/

• ISO 14001 Performing Audits

  You should study the audit criteria (standard and internal procedures) and develop a checklist. For example, in the following picture you have three lanes:

  • Left – Reality
  • Center – Doubts in your mind
  • Right – Questions you can ask to clear the doubts 

  

  You can look for more information below:

  • How to make an ISO 14001 internal audit checklist - https://advisera.com/14001academy/blog/2016/06/27/how-to-make-an-iso-14001-internal-audit-checklist/
  • Free webinar on demand - How to perform an ISO 14001:2015 internal audit - https://advisera.com/14001academy/webinar/how-to-perform-an-iso-14001-2015-internal-audit-free-webinar-on-demand/ (where I present another example of developing a checklist)
  • Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• ISO 14001 Standard Requirement Clause

  No, it is not.

  The audit plan is a communication tool. A tool to help both auditees and audit team manage time. Most of the auditees do not know and do not need to know clauses of the standard.

  You can look for more information below:

  • Creating an ISO 14001 internal audit plan - https://advisera.com/14001academy/blog/2017/01/16/creating-an-iso-14001-internal-audit-plan/
  • Free webinar on demand - How to perform an ISO 14001:2015 internal audit - https://advisera.com/14001academy/webinar/how-to-perform-an-iso-14001-2015-internal-audit-free-webinar-on-demand/
  • Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/