Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Third Party Management


    Answer:

    Dues to the fact that joint controllership is quite rare and usually companies try to avoid that by being sole controllers such document is not part of our EU GDPR Documentation Toolkit.https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

  • Unsubscribe or delete


    Answer:

    The question is too broad to be able to provide a precise answer. Basically it depends on where you got the data from and what you are using it for.

    If you use the data so send advertisement to those individuals you most likely you would need to delete their data if they don’t` consent to your marketing processing activity.

    To find out more about consent and marketing check out our webinar “How GDPR Affects Marketing Practices” https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/

  • Data processors


    Answer:

    This depends on the nature of the contract you have with the processors. If you have a signed commercial contract then you would need to amend it to include a “Supplier Data Processing Agreement” or a similar document.

    However if you contracted some services and you don`t have a customized contract such as Amazon hosting services you can rely on the updated terms and conditions that the processor should issue to be compliant with the EU GDPR.

    To learn more about the processor obligations check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/

  • Directive 95/46/EC


    Answer:

    The existing controller-controller and controller-processor Model Contracts will be grandfathered. The EU GDPR removes any need to obtain authorization from a supervisory authority.

    So the Model Contracts will remain valid after the EU GDPR comes into force so no need to change them even if they refer to the Directive.

    To find out more about cross border data transfers don`t miss our upcoming webinar “How to make personal data transfers to other countries” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/

  • Control: 14.1.3 - Protecting application services transactions

    Please note that these items must be implemented only if:
    - There are unacceptable risks demanding the implementation of the items
    - There are legal requirements demanding the implementation oitemsf the
    - There is a top management decision demanding the implementation of the items

    If none of the above occurs, you do not need to implement these items.

    Considering that, you have to verify what of the above conditions occurs to each item to define which one, or both, will be implemented.

    This article will provide you further explanation about selecting controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    This material will also help you regarding selecting controls:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • ISO 27001 career


    Answer: Considering your interest in information security, ISO 27001 certification will be of great help to your career, because not only it presents a systematic way to implement, operate and improve an information security management system, but it is also a world-wide recognized and accepted standard, which will allow you to work in any part of the world.

    2 - Which should be pursued first LI/LA as per my case? I have shortlisted onto 3 certification bodies nearer to my place here in New Delhi(India) i.e. PECB / BSI / SGS. PECB is the most expensive and SGS as the least expensive.

    Answer: Let's start with the differences:
    - ISO 27001 Lead Implementer – this certification recognizes people who have competency on the ISO 27001 implementation process.
    - ISO 27001 Lead Auditor – this certification recognizes people who have competency on auditing an ISMS against ISO 27001 requirements and want to become certification auditor (and with this provides more confidence to an organization for being certified).

    Considering your stated background, the decision about which one to take will depend on your professional purposes. If you plan to work on the implementation of information Security Management Systems, then you should consider the Lead Implementer certification. If you plan to work on certifying ISMSs, or to ensure implemented ISMSs are complaint with ISO 27001 requirements, then you should consider the Lead Auditor certification.

    Regarding certification bodies, world-wide recognized LI/LA courses (also known as accredited courses), which are the first step to LI/LA certification, need to be compliant with ISO 17024 (General requirements for bodies operating certification schemes for persons), which helps ensure that even with different approaches their courses can provide confidence in the skills acquired by the people who pass their exams (PECB, BSI and SGS have accredited courses), so good criteria to select your training provider, besides cost, are the certification body reputation in your country and references from previous students (you may find these on professional social networks like LinkedIn).

    These articles will provide you further explanation about ISO 27001 personnel certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

    This material will also help you regarding ISO 27001 personnel certifications:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/

  • Transition to ISO 9001:2015


    Answer:

    I recommend starting by performing a Gap Analysis to take a picture of the starting point. Then with that picture you can prepare a transition plan.

    I recommend initiate the change by clauses 4 and 6.

    The following material will provide you information about the transition:

    - ISO 9001 – How to make the transition from ISO 9001:2008 revision to the 2015 revision - https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
    - Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Mandatory documents


    Answer:

    For the internal audit there are no specific mandatory documents besides those included in the standard and that should have been introduced with the implementation.

    The following material will provide you information about mandatory documents:

    - ISO 9001 – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - Checklist of Mandatory Documentation Required by ISO 9001:2015 - https://info.advisera.com/9001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-90012015
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 900 1:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Dropbox


    Answer:

    Unless you want to store the data locally there is not much you can do. As long as Dropbox keeps its end of the deal to keep the personal data safe you should be fine.

    Don`t forget to mention in your privacy notice(s) the fact that you are using a third party to store personal data.

    If you want to learn more about third party compliance check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//

  • Terms and conditions

    2) Do we have to review our Terms and Conditions as well? Or is the privacy notice along with our Terms and conditions enough?

    Answers:

    For your existing users notifying them would be enough. Basically, the notice is an informative document to let know the data subjects what personal data you use when they are using your platform so if they don`t agree they can choose not to use it.
    Depends what is written in the Terms and Conditions. If they refer only to what the customers are allowed to do on the platform and what their liabilities are most likely you don’t need to review them. However, if you have references to data protection matters then you should remove those and only have them separate in your Privacy Notice.

    You can find more info rmation about privacy notices from our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
Page 752-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +