  • Data transfer


    Answer:

    Once the EU GDPR kicks in you would need to provide a Privacy Notice to the individuals whose data you are collecting during the shows you mentioned.

    Your privacy notice should contain the information required by EU GDPR art. 13 “Information to be provided where personal data are collected from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ ), namely:

    • Your identity, contact details and details of your representative (if any);
    • The contact details of your data protection officer;
    • The purpose and legal basis of processing. Where legitimate interests is relied upon, details of those interests;
    • The right to withdraw consent (if this is the basis for any processing);
    • The categories of personal data processed;
    • The recipients or categories of recipients of personal data;
    • Details of any intended transfer outside the Union. Details of any safeguards relied upon and the means to obtain copies of transfer agreements;
    • The period for which data will be stored or the criteria used to determine this period;
    • A list of the individual’s rights, including the right to object to direct marketing, make a subject access request, and to be “forgotten”;
    • Details of any automated decision making, including details of the logic used and potential consequences for the individual;
    • Whether provision of personal data is a statutory or contractual requirement, whether disclosure is mandatory and the consequence of not disclosing personal data;
    • The right to complain to a supervisory authority;

    To find out more about privacy notices check out our webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/ as well as our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Planning changes to the QMS


    Answer:

    Presently I am working with a manufacturing shoe company with a QMS for production of comfort fashion shoes. They are making a change to their QMS to include in the scope the production of occupational uniform shoes to corporations – other requirements, other materials, other processes.

    Last year I worked with an injection molding company that duplicated the number of machines and changed location to another site, with a lot of new workers recruited – that was a great change in planning, operating and controlling production.

    Some years ago, I worked with a machine manufacturing company. One of their operations was painting parts of the machines. Then, due to stricter environmental legislation, they decided to subcontract that operation to a painting services specialist. They had to change their production planning and quality control to consider the new flow of production.

    I hope that these examples show what can be considered “a change to the QMS”.

    The following material will provide you with information about planning change:

    - ISO 9001 – QMS Change Management in 7 steps - https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Personal data


    Answer: Broadly speaking, any information that can identify or be related to an identifiable natural person must be considered personal data (e.g., name, address, email address, etc.).

    Considering that, the most common information gathered during an internal audit that is personal data refers to employees and to their competence records. Depending upon the QMS scope, an auditor may have access to the organization's clients' personal data (e.g., when the organization's scope includes customer support services or financial processes), so you should consider evaluating the scope statement to identify other types of personal data that the auditor may find.
  • Organizational knowledge and processes or individuals


    Answer:

    The first two paragraphs of clause 7.1.6 are about keeping and sharing, when needed, the necessary knowledge to operate processes and get conforming products and services. What I do is: look at each process and list the roles that participate, and determine what kind of knowledge someone with that role needs to be autonomous and make good decisions, aligned with the quality policy and objectives. So, it is about processes and roles more than about individuals. Individuals come in when you look at competencies and clause 7.2.

    The following material will provide you with information about organizational knowledge:

    - ISO 9001 – How to manage knowledge of the organization according to ISO 9001 – https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - free online training ISO 9001:2015 Foundations Course – https://training.advisera.com/course/iso-90012015-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Employee security awareness training


    Answer:

    There is no single document explaining to employees what to do and how to treat personal data within a specific company. However, if you take a closer look, each of the policies/procedures in the “EU GDPR Documentation Toolkit” refers to specific tasks that some employees need to undertake in order to ensure compliance with the EU GDPR.

    You can start by going through the documents starting with the “Personal data protection policy” and build up your own list of responsibilities for your employees.

    You can also use our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// as a reference.
  • Re-consent


    Answer:

    Unless the 20000 emails belong to the members of the charity, you would need to reach out to get consent from the data subjects before engaging them in email and SMS marketing activities. If you don't have the means to prove that consent was given, it is as if it does not exist.

    Make sure that the consent fulfills the requirements of the EU GDPR, namely to be a freely given, specific, informed and unambiguous indication of the individual’s wishes. You must keep records so you can demonstrate that consent has been given by the relevant individual.

    To find out more about consent you can check out our webinar “How to handle consents under GDPR” (https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/ ) as well as our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Resources for ISO 27001 Exam

    That's great, many thanks for your help. Syed.
  • Reaction plan vs Contingency plan


    Answer:

    There is no big difference between a contingency plan and a reaction plan; both plans represent the series of steps that you would take in response to a specified abnormal condition and help to minimize damage. They are often referred to as "Plan B," because they can also be used as an alternative course of action if expected results fail to materialize. The plans are a component of business continuity, disaster recovery and risk management.

    Here you can download a free preview of our Contingency Plan: https://advisera.com/16949academy/documentation/contingency-plan/
  • Data Protection Directive


    Answer:

    Where consent has been given under the Data Protection Directive, it will continue to be valid under the EU GDPR if it also meets the requirements of the Regulation.

    This may be difficult given the new and stringent requirements for consent. In theory, you should therefore consider approaching your existing customers to obtain a fresh consent that is valid under the EU GDPR. Be aware that opt-out consents are not valid under the EU GDPR.

    Basically, you need to benchmark the consents you already have against the requirements of the EU GDPR. If the consents meet those requirements, you need to do nothing; if they don't, you need to reach out to the individuals to get new, compliant consents.
  • ISO 27001/GDPR


    Answer:

    ISO 27001 is a standard that specifically deals with information security. ISO27001 and GDPR overlap in terms of keeping personal data secure as required by EU GDPR art. 32 “Security of processing” (https://advisera.com/eugdpracademy/gdpr/security-of-processing/).

    So, basically, adding to your current security framework additional measures as per the ISO 27001 standard will help you to be in compliance with the EU GDPR.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//