
  • Templates for ISO 17025

    By the end of March we will publish an ISO 17025 toolkit, where you will find all the documents required to comply with this standard.
  • ISO 27001 and EU GDPR trainings


    Answer: ISO 27001 and EU GDPR are complementary frameworks, and you should consider attending trainings for both.

    ISO 27001 will provide you with knowledge about the definition, implementation, operation, control and improvement of information security, while EU GDPR provides knowledge about what must be considered to ensure the protection of data. So, while EU GDPR informs you about what you have to require from those holding your data, ISO 27001 informs you how to fulfill these requirements and ensure that the controls applied are working as expected.

    This article will provide you further explanation about ISO 27001 and EU GDPR:
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

    This material will also help you regarding ISO 27001:
    - Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
    - Free online training EU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//
  • APQP , PPAP , FMEA and IATF 16949


    Answer:

    There were no substantial changes regarding APQP, PPAP and FMEA. IAF is planning to publish new documents for APQP and FMEA, but the changes won't require modification of the existing documentation. So you can keep your existing APQP, PPAP and FMEA documents.

    For more information, see: What are the five core tools of IATF 16949? https://advisera.com/16949academy/blog/2017/08/23/what-are-the-five-core-tools-of-iatf-16949/
  • ISO 9001 warehousing requirements

    You can audit only parts of the system during the individual internal audit. In that sense you can audit the hub against the applicable requirements of the standard and QMS documentation and that is all. If the findings of the audits are insufficient, you can later expand the scope of the audit.
  • Article 20 Right to data portability

    (1) Indicates the data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller…
    (2) … the data subject shall have the right to have the personal data transmitted directly from one controller to another…
    Suppose a data subject requests to have his/her data transmitted directly from one controller to another, and the recipient controller only utilizes a subset of the data provided. If at some future point the data subject requests to have his/her data transmitted again, is the new controller required to provide all of the data (including data elements that were included in the original transmission but never utilized)? Or is it OK to just transmit the data that was actually used (just a subset of the original data)?
    Example:
    Data Transmitted from Controller A to Controller B
    · Name (prefix, first, middle, last, suffix)
    · Nick Name
    · DOB
    · Email addresses (primary, secondary, professional…)
    · Mailing address
    · Title
    · Credentials
    · List of interests
    · List of books read

    Data Supported and Utilized by Controller B
    · Name (prefix, first, middle, last, suffix)
    · Email address (only primary)
    · Mailing Address
    · Title
    · Credentials

    Data subject requests Controller B to transmit data to Controller C… What is Controller B required to transmit to Controller C?

    Answer:

    I just want to begin by saying that the right to data portability as defined by EU GDPR Article 20 (https://advisera.com/eugdpracademy/gdpr/right-to-data-portability/) only applies:
    - to personal data "provided to" the controller by the data subject, for example photos posted to a social network or content stored on a cloud service; and
    - where the controller's processing of personal data is based on consent or the performance of a contract.
    To come back to your example: Controller B, if faced with a request for data portability, will need to provide to Controller C only the data that it processes in order to provide the service to the data subject, not the excess data that Controller A provided.
  • Privacy Notices


    Answer:

    In terms of Privacy Notices there are no exemptions regardless of the size or type of business; as long as you are a controller, you need to present the relevant notices to the data subjects. E-commerce type businesses are not exempted, so Notices are required as well. As for facilities such as Mailchimp or AWeber, they are only platforms that you can use to deliver mails or newsletters, so the targeted data subjects need to be properly informed and to consent to being targeted by marketing campaigns. If, however, you want to generate leads and then pass the information to third parties, you would need to obtain the consent of the data subjects for their information to be processed by those third parties.
  • EU GDPR in school


    Answer:

    The EU has suggested using standardized icons specifically with regards to privacy notices intended for children. Unfortunately they have not currently agreed on these standardized icons, but I agree that it will probably be the easiest way to communicate your privacy notice(s) to your pupils. If you choose to do a predominantly (or exclusively) textual privacy notice, you will need to ensure that the language used is understandable for children at the lowest age group.
  • Data Disclosure Form


    Answer:

    It is not the Data Disclosure Form which is mandatory but rather the information you need to provide to the data subject. You can find a template for a Data Subject Disclosure form in our EU GDPR implementation toolkit https://advisera.com/eugdpracademy/documentation/data-subject-disclosure-form/
  • Privacy notice


    Answer:

    If employee data is being sent constantly outside the EEA, then you need to inform your employees about this via a privacy notice. If the data being sent is the same every time a transfer occurs, you need only present the notice once and keep it available so the employee can access it at any time.
  • EU GDPR toolkit documents


    Answer:

    Besides the notices and consent-related documents, there are no requirements for you to make public other EU GDPR implementation documents (https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/). However, policy documents such as the "General Data Protection Policy" could be made public as well, as a way to prove commitment.