Call lists & substitution - who would be on the call list? What does substitution mean in this context?
Contact details - whose contact details are we recording?
Answers:
The “Call lists & substitution” refers to the telephone contacts and the replacements of the persons within the company which are tasked to handle data breaches. Same goes for the contact details.
Hypothetically yes, especially if you sell your chat software to EU companies this means you may be targeting data subjects in the Union.
Remittance Group and GDPR
Another question, if for the airtime, all the air time supplier deal with service provider and supplier, we are all sub-processor and it is bilateral way. how do we draft it in processor sub processor agreement? as we all could be processor and sub processor at any time. we cant put it as A is a processor, B is a sub processor, as A could be sub processor and B could be processor at anytime they could always change. Their relationship is bilateral. how should we draft the agreement?
Email subscription
Answer:
If you rely on consent for your marketing activities you need a “opt in” kind of consent so silence would not be considered a valid consent.
From your description you are a data controller for the data of your casino customers as well as your visitors. Being a casino and using the mrz scanners you are collecting a great deal of personal data including winning and maybe “high rollers” player profile. You are most likely also processing high quality video surveillance footage from our gambling tables.
So, my conclusion is that the EU GDPR will deeply impact your processing activities and you would need to have a full blown EU GDPR compliance program in force to prove compliance. You would need to focus on : privacy Notices, managing data subject rights, data protection impact assessments, third party compliance, data breaches basically everything.
All the documents in the EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ are meant to be cross industry so they will most likely need minimum amendment from your part. Based on you description you are acting as a processor for the cinemas you provide the software as well as the ticketing services. All the documents in the EU GDPR Documentation Too lkit are meant to be cross industry so they will most likely need minimum amendment from your part. Based on you description you are acting as a processor for the cinemas you provide the software as well as the ticketing services.
In this case the sections in the Toolkit regarding managing data subject rights and DPIAs would be less relevant to your activity. However, be aware that if you are established in the EU you will be acting as a data controllers as regards to the data of your employees.
In this case the sections in the Toolkit regarding managing data subject rights and DPIAs would be less relevant to your activity. However, be aware that if you are established in the EU you will be acting as a data controllers as regards to the data of your employees.
Based on your description you are processing personal data of users on your website especially the ones that fill in the contact form and those to whom you are sending newsletters to. In this case you are acting as a data controller and yes the EU GDPR is applicable to you regardless if you are a company or not.
As per art 4(7) – Definitions (https://advisera.com/gdpr/definitions/) of the EU GDPR controller means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or M ember State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
Answer: You have to calculate the residual risk after the definition of the risk treatment to be applied. At this point the residual risk is the risk value you expect to achieve with the implementation of the controls. After the implementation of the controls, the risk value you will measure will confirm if the previously calculated value is correct, or if you have to make adjustments in the control implementation.
Answer: To obtain a ISO 27001 Lead Auditor Certification you should attend an ISO 27001 Lead Auditor course, so you can understand the concepts of ISO 27001 management system and the processes and techniques involved in an audit (there is no need to get the lead implementer certification first), and to be approved at the exam at the end of the course