2. Is it mandatory to nominate the DPO? If not, what are the cases?
Is every past privacy policy signed by my customers now null? Or do they have some kind of validity?
3. Is it necessary that every piece of software we use logs every access to the DB and every action we do? (I ask this because we’re using some software that definitely doesn’t do that…)
4. Is there any documentation or guideline about the technical specifications of the software’s database (I mean the database of the software that contains private data), like cryptography or others?
Answers:
1. The “project plan” is just a document to help you keep track of the documents that need to be drafted, published and implemented, as well as the responsible persons within the organization who need to take care of this. It is not mandatory to have, and it can be filled in later on, or you can choose not to use it at all.
2. The appointment of a DPO is mandatory under the EU GDPR only if:
- the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or
- the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
- the core activities of the legal entity consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offences.
3. Not necessarily, but it most likely will need to be updated to be consistent with the new EU GDPR requirements, such as the need to mention the retention period pursuant to your processing activities and the new data subject rights such as the “right to data portability”. Article 13 of the EU GDPR - “Information to be provided where personal data are collected from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/) as well as Article 14 - “Information to be provided where personal data have not been obtained from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject/) list the information you need to put in your privacy notice/policy.
4. You would need to ensure some sort of tracking of the activities that are performed upon a personal data base in order to ensure the “resilience of processing systems” as per EU GDPR Article 32 - Security of processing (https://advisera.com/eugdpracademy/gdpr/security-of-processing/). It is not necessary that all actions are logged, but some degree of logging would be required.
5. The EU GDPR does not require a specific set of technical and organizational measures but just requires them to be “appropriate”, and mentions “pseudonymisation and encryption” as examples of such security measures. So, it is up to you to establish the security measures which are suited, taking into account the personal data that is in your database as well as the purpose of the processing.
You know when your employees are aware of the EMS if they:
- Conform to the environmental policy as well as different procedures, work instructions, etc.
- Understand which are the significant environmental aspects and the potential impacts
- Know their roles and responsibilities to achieve conformity
- Understand the consequences of not following the different procedures, work instructions, etc.
You can conduct surveys amongst your employees in order to measure EMS awareness. This will give you an idea of their awareness level, and if you detect any gaps between the reality and the company’s expectations, the organization can perform new awareness sessions.
To learn more about EMS awareness, see this article - ISO 14001 Competence, training & awareness: Why are they important for your EMS?
ISO 9001 does not require an immaculate workplace per se. Normally, companies with an immaculate workplace have very demanding customer requirements or process requirements about the workplace environment. For example, I worked for a printed circuit board company that had to keep some areas very clean to avoid dust that would contaminate copper circuits, generating short circuits.
Companies with those requirements usually follow programs based on Japanese techniques like Lean.
The following material will provide you with information about ISO 9001 and ISO vs Lean:
The standard states that organizations have to ensure they meet the requirements specified in clause 8.6 for the release of products and services. When planning the arrangements to verify these requirements, you don’t need to set them all at the end; instead you can split up the requirements at different stages. In many organizations verification activities are planned and executed at each process step in order to assure that every operation is effectively performed. This means that you can establish the requirements at every production stage to make sure the organization’s release of products and services complies with ISO 9001:2015.
The purpose of an internal audit is to assess the level of compliance of your EMS with ISO 14001 requirements. Therefore, when you conduct an internal audit you need to ensure that you include all the standard requirements that apply to your company. Regarding the audit frequency, a company can decide for itself how long the cycle is (usually 1 year or 3 years). The organization can also decide whether to perform the audit of the entire EMS at one time or to break it down into different elements for more frequent audits.
These materials can also help you with the implementation of ISO 9001:2015:
For card payments the legal basis for processing is the “contract obligation”, since there is a contract (although not a written one) between the individual initiating the payment and the company that facilitates the card payment. Also, the company facilitating the card payment may continue to process data based on “legal requirements” as well, if such legal requirements exist.
Cookies are regulated by the ePrivacy Directive, which requires you to inform the website visitors about the cookies which your website uses. There is a duty to inform, not to get consent; however, the website owner needs to mention how the browser can be set not to accept cookies, so it works similarly to an “opt-out consent”.
If you choose to use consent to process the personal data collected via cookies, you need to follow the requirements of consent, meaning that it needs to be a freely given, specific, informed and unambiguous indication of the individual’s wishes, so opt-out (pre-ticked boxes) is not allowed.
If your accountant is not your employee, the answer would be yes.
Information Transfer Procedure
I would like to know if you have any advice on best template to use in developing an Information Transfer Procedure.
Answer: The "Operating Procedures for Information and Communication Technology" template included in your toolkit already covers the guidance and recommendations from control A.13.2.1 (Information transfer policies and procedures), so you can use this template to implement information transfer procedures, or adapt the document to your needs.
This template can be found in folder 08 Annex A A.12 Operations security.
ISO 27018
Answer: ISO 27018 provides guidance and recommendations to protect personally identifiable information, so if your services involve your customers’ personal data, or personal data from their customers, then this standard is probably applicable to you. To determine that, you should verify your customers’ requirements and the laws and regulations applicable to your business.