Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11278 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Transfer of the personal data
Answer:
Based on your example you are not facing a cross border data transfer.
If you want to find out more about cross border data transfers check out our webinar “ How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/ -
Disposal of Commercial Shredded Paper
Answer:
This is not something which is regulated by the EU GDPR and it is entirely up to the company. But, my opinion is that if those documents contain sensitive personal data they should be disposed of in a controlled environment and not in someone's home.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Threshold questionnaire
Answer:
The threshold questionnaire can be found in document 5.2 DPIA Register – the first 5 questions are the Threshold questionnaire.
To find out more about DPIA check out our webinar “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/ -
Data Processing Agreement and Data Processing Addendum
When using a third party to process personal data on your behalf you need to ensure that it provides “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation” ( art. 28(1) - “Processors” (https://advisera.com/eugdpracademy/gdpr/processor/).
So, whenever you contract a third party to process personal data on your behalf you need to have a Data Processing Agreement/Addendum (there is not difference they both means the same thing). You can choose to have the content of the Data Processing Agreement/Addendum as a separate section of the commercial agreement although it will be harder to manage.
To learn more about processor obligations check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Adapting documentation language
Answer:
For internal use the English language documents would be enough.
However customer facing documents should be written in local language. Moreover, supervisory authorities would most likely ask for any documents to be presented to them in local language as well. -
Existing contracts and GDPR
Answer:
If you are talking about the contracts with the third parties acting as your data processors than most likely you need to ad to those commercial contact a Data Processing Agreement/Processor addendum or another legally binding document to regulate the relation between you as controller and your third party as data processor.
To learn more about controllers and processors check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Processing of sensitive personal data
Assessing the legality of the processing activity as regards to sensitive personal data is something that the controller needs to do. What you need to ensure is that in the contract with the your customer you state that he is fully liable for ensuring that the personal data is collected and processed in a lawful manner. -
ISO 27001 versions
Whats the difference between the previous version and new version of ISO 27001.
Answer: This kind of question is not common on interviews (specially considering the previous version of ISO 27001:2013 is from 2005), but the main differences are related to:
- the structure
- Interested parties
- Documented information
- Risk assessment and treatment
- Objectives, monitoring and measurement
- Corrective & preventive actions
- Communication
- the number of controls on Annex A.
These articles will provide you further explanation about ISO 27001 2013 and 2005 versions:
- A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
- Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/ -
Knowledge and certifications for the Information security Officer
Answer: Competences that can improve your performance as an Information security Officer are related to risk management, information security and audit. In terms of certification, you should consider the Lead Auditor or the Lead Implementer certification.
These articles will provide you further explanation about competencies for an Information security Officer:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- How personal certificates can help yo ur company’s ISMS https://advisera.com/27001academy/blog/2014/10/06/how-personal-certificates-can-help-companys-isms/
These materials will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Audit and certification
Answer: For certification purposes, only auditors related to certification bodies can perform such audits, and the choice regarding which certification body will lead the process is up to the organization itself.
These articles will provide you further explanation about ISO 27001 certification process:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
These materials will also help you regarding ISO 27001 certification process:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 270 01 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
This page can help you find a certification body: https://advisera.com/