Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • In which case Canadian company needs EU representative? 

    Article 27 – Representatives of controllers or processors not established in the Union states that if a data controller or data processor is not established in the European Union, and GDPR applies to it, then it must designate in writing a representative in the Union, established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are. Basically, if the Canadian company offers goods or services to people in the EU or if it monitors behavior of people in the EU, GDPR applies to it and must designate a representative in the Union.

    Part of our EU GDPR Documentation Toolkit, we have a template for an Agreement for the appointment of an EU representative under article 27 GDPR, which can also be purchased separately.

    Please also consult these links:

  • Questions about sending resume, cover letter and contact info overseas.

    1. I presume this [information supplied that will be used regarding an employment contract] is on a need-to-know basis similar to how personnel records would be handled here in the United States, am I right?

    If the company is subject to GDPR, then the company is either based in the EU or it offers goods/ services to people in the EU or monitors the behavior of people in the EU. In any case, personal data must be processed according to the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, accountability – as defined in Art 5 GDPR - Principles relating to the processing of personal data and according to the principle of data protection by design and by default, as defined in Art 25 GDPR - Data protection by design and by default. Article 25 covers a need-to-know basis, as “[technical an organizational] measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons”

    2. To do with an application for employment, are there any other parts of the GDPR that I should read?

    I recommend reading European Data Protection Board’s opinion 2/2017 on data processing at work - wp249, link below.

    3. Are there other Articles of the GDPR that I will be bound by?

    GDPR applies to personal data controllers and processors (companies, persons, institutions) that process personal data, ensuring that people like you are protected with regard to the processing of personal data. GDPR protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. So your employer will be bound by all GDPR requirements, and you are protected by all GDPR articles and recitals.

    4. Art. 88 Item 3 gives the date 25 May 2018, so am I reading the most up-to-date version of GDPR?

    Yes. GDPR was not changed since May 25th, 2018.

    Please also consult these links:

  • Is technical file of device mandatory to put on device on market?

    Yes, you understand it right. 

  • 27001 audits

    I’m assuming that:

    • the ISMS scope covers only the company’s head office and the sub-sites only interact with the ISMS scope (they are not part of it)
    • you are referring to an internal audit, not to a certification audit.

    Considering that, when the scope is only the head office, you do not need to audit the sub-sites.

    In this case, the sub-sites can be audited as part of the supplier monitoring process, which is a completely separated process.

    At most, during the audit of the head office, you can ask for the audit reports from the sub-sites, to check if audits were performed and if treatment of raised non-conformities is being followed up, but you do not need to enter in further detail.

    This article will provide you with further explanation about auditing:

    These materials will also help you regarding auditing:

  • How To Perform an Internal Audit Remotely [free webinar on demand] https://advisera.com/27001academy/webinar/remote-internal-audit-free-webinar-on-demand/
  • ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/

  • Question from ISO 27001 Foundations Course

    Please note that at the beginning of the video (at the 10th second) it is said that requirements and interested parties need to be “determined”, which is different from being documented. You only need to identify them.

    Only in the case that control A.18.1.1 - Identification of applicable legislation and contractual requirements is deemed applicable for an ISMS, such requirements and interested parties need to be documented.  

  • Links between 14001, 27001 and 45001

    Please note that ISO 31000 is only one of many available approaches for risk management an organization can adopt (other examples are NIST RMF, German BSI, USA OCTAVE-S, etc.), according to their specific business needs, and promoting a single approach over others is not an objective of ISO.

    If an organization has implemented a systematic risk management approach that works for its context and is aligned with applicable legal requirements, then it is enough to be compliant with ISO management standards.

    Please also note that, in general, legal requirements that demand the implementation of an ISO standard are not specific to mandatory risk management approaches.

  • Applying Project Checklist for ISO 13485:2016 Implementation in a food processing organization

    Although there are some similarities, food processing has its own requirements, and our project checklist is not completely applicable to food processing organizations. HACCAP checklist is more applicable for that type of organization, but also some other standards that are specified for the food industry. 

  • Mandatory information in Conformity Declaration for Medical Device Class I

    If the new product has the same intended purpose, same name, and same GMDN, then yes, it is not necessary to have a new Declaration of conformity. This situation is called medical device family and for one medical device family, it is OK to have a unique Declaration of conformity. Usually, in cases when there are a lot of models, then there is an annex to the Declaration of conformity with the whole list of models.

    What I am concerned about here is the use of GMDN codes. EU published EU codes which are called EMDN codes and all medical devices under the MDR must have that codes. In the links are EMDN codes and a database where you can find which codes are applicable for your medical device family.

    For more information, see:

    Considering the UDI, for the class I medical devices, according to Article 123, the deadline for implementation of UDI is May 2025. So, this means that there is still no need to have a BASIC UDI on the Declaration of conformity.

    For further information, see:

    The next thing which is important to be on the Declaration of conformity according to the MDR is the Single registration number (SRN), so please check if that information is on it.

  • GDPR implementation

    There are many methodologies in order to drive a GDPR-compliance project. At Advisera, we have an EU GDPR Toolkit containing 39 document templates – all documents required by GDPR, plus commonly used non-mandatory documents – which can help you drive your GDPR-compliance project, as the toolkit is designed in a structured way, allowing you to start the project while filling the documents in the first directory, Preparations for the Project. This directory contains a Readiness Assessment Template and a Project Plan Template, which can be filled using our step-by-step indications in the comments from the documents. Then you can start filling the templates available in all the directories in the toolkit. The toolkit also provides you access to video tutorials, email support, expert review of a document, one hour of live one-on-one online consultations with a GDPR expert, and many other benefits.

    We can also help you with free GDPR training (at the end you can purchase a certification), free articles, and free webinars.

    Please also consult these resources:
Page 61-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +