
  • Data transfer outside of the European Union

    2: Which is an acceptable means for personal data transfer outside of the European Union when the data transfer is between different locations of the same company?

    Answers:

    1. The USA is considered safer for transferring information than China, India or Russia because between the EU and the USA there is a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. This mechanism is called the Privacy Shield Framework and was designed by the U.S. Department of Commerce, the European Commission and the Swiss Administration. You can find more information here: https://www.privacyshield.gov/welcome

    2. One of the safeguards for transferring data outside the EU between different companies of the same group is “Binding Corporate Rules (BCRs)”, but you could also use an Intragroup Data Transfer Agreement based on standard contractual clauses.

    For more information about the international data transfer check out our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Transfer of the personal data


    Answer:

    Based on your example, you are not facing a cross-border data transfer.

    If you want to find out more about cross-border data transfers, check out our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Disposal of Commercial Shredded Paper


    Answer:

    This is not something which is regulated by the EU GDPR, and it is entirely up to the company. But my opinion is that if those documents contain sensitive personal data, they should be disposed of in a controlled environment and not in someone's home.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Threshold questionnaire


    Answer:

    The threshold questionnaire can be found in document 5.2 DPIA Register – the first 5 questions are the Threshold questionnaire.

    To find out more about DPIA check out our webinar “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/
  • Data Processing Agreement and Data Processing Addendum

    When using a third party to process personal data on your behalf, you need to ensure that it provides “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation” (art. 28(1) - “Processors”, https://advisera.com/eugdpracademy/gdpr/processor/).

    So, whenever you contract a third party to process personal data on your behalf, you need to have a Data Processing Agreement/Addendum (there is no difference; they both mean the same thing). You can choose to have the content of the Data Processing Agreement/Addendum as a separate section of the commercial agreement, although it will be harder to manage.

    To learn more about processor obligations check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Adapting documentation language


    Answer:

    For internal use, the English-language documents would be enough.

    However, customer-facing documents should be written in the local language. Moreover, supervisory authorities would most likely ask for any documents to be presented to them in the local language as well.
  • Existing contracts and GDPR


    Answer:

    If you are talking about the contracts with the third parties acting as your data processors, then most likely you need to add to those commercial contracts a Data Processing Agreement/Processor Addendum or another legally binding document to regulate the relation between you as controller and your third party as data processor.

    To learn more about controllers and processors check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Processing of sensitive personal data

    Assessing the legality of the processing activity with regard to sensitive personal data is something that the controller needs to do. What you need to ensure is that in the contract with your customer you state that he is fully liable for ensuring that the personal data is collected and processed in a lawful manner.
  • ISO 27001 versions


    What's the difference between the previous version and the new version of ISO 27001?

    Answer: This kind of question is not common in interviews (especially considering the version previous to ISO 27001:2013 is from 2005), but the main differences are related to:
    - the structure
    - Interested parties
    - Documented information
    - Risk assessment and treatment
    - Objectives, monitoring and measurement
    - Corrective & preventive actions
    - Communication
    - the number of controls on Annex A.

    These articles will provide you further explanation about ISO 27001 2013 and 2005 versions:
    - A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
    - Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/
  • Knowledge and certifications for the Information security Officer


    Answer: Competences that can improve your performance as an Information security Officer are related to risk management, information security and audit. In terms of certification, you should consider the Lead Auditor or the Lead Implementer certification.

    These articles will provide you further explanation about competencies for an Information security Officer:
    - What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - How personal certificates can help your company’s ISMS https://advisera.com/27001academy/blog/2014/10/06/how-personal-certificates-can-help-companys-isms/

    These materials will also help you regarding ISO 27001:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/