Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Privacy Statement/Privacy Notice
Answer:
Yes, it is the same thing. -
DPO v/s Data Protection Compliance Officer
Answer:
You must appoint a data protection officer if:
- You are required to do so by national law. Some Member States are likely to make this mandatory, particularly where this obligation already exists in national law (e.g. Germany);
- are a public authority or body (other than a court);
- Your core activities consist of regular and systematic monitoring of data subjects on a large scale; or
- Your core activities consist of processing sensitive personal data on a large scale (including processing information about criminal offences)
So, not necessarily related to the size the company.
To learn more about DPOs check out our article “The role of the DPO in light of the General Data Protectio n Regulation” https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/ -
Data Subject Right
Answer:
The controller has 30 days to respond to the data subject. However, if a processor is the one receiving a request form a data subject the processor has to notify the data controller as soon as possible and is only the controller that needs to send a reply to the data subject.
The information about how to deal with data subject request is found in the “DATA SUBJECT ACCESS REQUEST PROCEDURE” in the EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
To find out more about DSARs check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/ -
Handling consents
Answer:
Consent needs to be granular so you need to get the consent for each of the companies as they are different legal entities.
To learn more about consent check out our webinar “How to handle consents under GDPR” (https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/). -
Customer telephone acquisition
Answer:
Nothing has changed as regards to company related information. However, things may change as of 2019 when a new ePrivacy Regulation may be coming into force.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
ISO 27001 and PCI DSS
I just need to confirm, can I use ISO 27001 policy tool kit to develop PCI DSS policies?
Answer: We're not experts in PCI DSS, but generally we recommend ISO 27001 documentation toolkit as a way to contribute to achieve PCI compliance, because PCI-DSS has some requirements that can be fulfilled by ISO 27001 controls from Annex A, such as access control policy, back up policy, etc.
These articles will provide you further explanation about PCI DSS and ISO 27001:
- PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
- PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification https://advisera.com/27001academy/knowledgebase/pci-dss/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.c om/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Toolkit content
Answer: If you want to fulfil only ISO 27001 requirements regarding information security continuity, then you should consider using the Disaster Recovery Plan template, located on folder 08 Annex A A.17 Business Continuity 04 Business Continuity Plan, instead of the Business Continuity Plan template.
This template alone will be enough to cover all the requirements of ISO 27001.
This article will provide you further explanation about information security continuity:
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
These materials will also help you regarding information security contin uity:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
withdrawing consent related to delivery (email&phone nr) in Germany
I am not an expert in German language, but I could not find any reference in the DSGVO for asking consent for sending the data to processors. You should only inform the data subject about the fact you may transfer data to a third party as per EU GDPR art. 13 requirements - Information to be provided where personal data are collected from the data subject https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/
You can get more insight on privacy notices from our webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinars/ -
Data subject consent form
Answer:
Because I assume your pupils are minors the Parental Consent Form https://advisera.com/eugdpracademy/documentation/parental-consent-form/ would be more suitable. Because the consent needs to be informed you need to use a Privacy Notice https://advisera.com/eugdpracademy/documentation/privacy-notice/ to inform the data subjects about what you do with their data.
To find out more about privacy notices check out our webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinars/