
  • Opt-in checkboxes


    Answer:

    I would advise you to have separate checkboxes for the channels which you use to communicate with the customer.

    To find out more about consent check out our webinar “How to handle consents under GDPR” https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/
  • Contracts with sites within EU


    Answer:

    If you have ongoing contracts with the individuals then the lawful grounds for processing would be “contractual obligation” rather than consent. So, you would only need to provide them with the relevant information via your privacy notice/notices.

    To learn more about privacy notices check out our webinar “Privacy notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • Subject access request


    Answer:

    Checking the identity of the data subject is one of the first steps when dealing with a DSAR, so waiting till the last day to confirm the identity of the requester to get the 30-day period “reset” would most likely be considered abusive. So my advice is to check the identity of the requester as soon as possible in the process. Please consult the “Data Subject Access Request Flowchart”, which is part of the “DATA SUBJECT ACCESS REQUEST PROCEDURE”, to see what a DSAR flow could look like.

    As regards the form, it is not a compulsory requirement to use a specific template, although it is advisable to do so as the requests would be handled much more easily and in a consistent way.

    To learn more about DSARs check out our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
  • VAT number

    If you have just one website which collects data from users you should list both controller entities with their registered address so the users can know who the data controllers are. It is not absolutely necessary to mention the VAT number; the contact details should be enough.
  • Outsourced activities in ISO 9001

    ISO 9001:2015 requires that external providers be controlled and their performance be evaluated by your organization (since it is your organization which hires their services), but they won't be audited by the certification body.
    Regarding the extent of the controls for external providers established by your company, they must be determined by your organization. Sometimes a contract which states your requirements should be enough, but on other occasions you will need to provide the external providers with documented procedures or instructions with your QMS criteria and even carry out some inspections.
    To learn more about outsourced processes you can see these articles:
    - How to control outsourced processes using ISO 9001: https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
    - How to evaluate supplier performance according to ISO 9001:2015: https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
    These materials can also help you with the implementation of ISO 9001:2015:
    - Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio - Compliance tool: https://advisera.com/conformio/
  • server

    No it is not. You can store data outside the EU as long as you have implemented the appropriate safeguards as per EU GDPR Chapter 5 – “Transfers of personal data to third countries or international organisations” https://advisera.com/eugdpracademy/gdpr-text/transfers-of-personal-data-to-third-countries-or-international-organisations/ such as Standard contractual clauses.

    To learn more about data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Change of Privacy policy


    Answer:

    This is up to you basically. Usually companies choose to notify their customers about changes in their T&C or relevant Policies, so this is more like a best practice than an obligation.

    You just need to make sure that the Privacy Policy/Notice is easily available to all your customers.

    To learn more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • GDPR in a tourism company


    Answer:

    If you are offering goods and services to individuals in the Union then at least some GDPR requirements would be applicable to your company as well in terms of processing the data of your customers.

    However, if you just provide a service to other travel companies this means you are a processor and your responsibility will be limited to a certain extent.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Confidentiality agreement


    Answer:

    The document you are looking for is the “Supplier Data Processing Agreement” (especially article 4.Reliability and Non–Disclosure) which can be found in folder 6 of the EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Risks and opportunities in ISO 9001

    It is up to the organization to decide whether the person responsible for the procedure is the president of the company or the quality manager. Usually the quality manager is responsible for directing the risk and opportunity assessment, while the organization's top management is responsible for creating the risk management committee and providing the resources needed to assess and manage the risks. Nevertheless, the procedure is not a mandatory document within the QMS.
    It is important to note that the requirements in ISO 9001:2015 are to analyze the risks within your QMS and then decide what actions need to be taken. This doesn't even need to be maintained as documented information. If you already do this (analyze risks with FMEA analysis and take actions based on that analysis) as part of your business strategy, then you already meet the requirements of ISO 9001:2015 and it will be acceptable for your certification audit. Remember you will also need to address the opportunities, and this cannot be done through an FMEA analysis, but you can conduct a simple brainstorming session with the relevant people of your organization.
    To learn more about risks and opportunities in ISO 9001, see - Does ISO require a procedure for addressing risks and opportunities? https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
    If you want to find out more about FMEA risk assessment, see this article - Methodology for ISO 9001 risk analysis: https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/