Expert Advice Community

Guest

Board/Forum registration

  Quote
Guest
Guest user Created:   Oct 04, 2022 Last commented:   Oct 09, 2022

Board/Forum registration

1. If, we do not have to register to a board or forum, how does disputes of breaching being dealt with? To who do you report, except to the counterparty of the breach?
2. If, we need to be compliant by the 27th December 2022; how will that be determined without being registered at a forum?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Oct 09, 2022
1. If, we do not have to register to a board or forum, how does disputes of breaching being dealt with? To who do you report, except to the counterparty of the breach?

If you offer goods or services to people in the EU, or if you are monitoring the behavior of people in the EU, you are subject to GDPR, according to Article 3 GDPR – Territorial scope. In this case, you need to assign an EU Representative, according to Article 27 GDPR - Representatives of controllers or processors not established in the Union. This EU Representative can be one of your subsidiaries in the EU, or if you don’t have one, a consultancy company/ other company which can represent you in the relationship with a Supervisory Authority. That Supervisory Authority becomes the Lead Supervisory Authority, and Data Subjects can file complaints/ notifications to it. In your Privacy Notice, you need to mention the Lead Supervisory Authority. If you have a personal data breach that results in risks to the freedoms and rights of data subjects, you also need to report that data breach within 72 hours of its discovery, to the Lead Supervisory Authority.

For example, you could designate in writing an EU Representative in Poland. In that case, the Polish Supervisory Authority will be the authority you need to report to.

2. If, we need to be compliant by the 27th December 2022; how will that be determined without being registered at a forum?

The new Standard Contractual Clauses must replace the old agreements by December 27, 2022. This is the responsibility of both the exporter of the personal data (the company in the EU) and the importer of the personal data (your company). The referenced Supervisory Authority is usually the one in the country of the data exporter. For example, if you receive personal data from France, the supervisory authority mentioned in the SCC should be the French Supervisory Authority, CNIL.

At Advisera, we have an EU GDPR Documentation Toolkit that could help you in your GDPR Compliance Journey. As part of the documentation, we have templates for Privacy Notices (necessary to mention the Lead Supervisory Authorities), a Data Breach Response and Notification Procedure, a Data Breach Notification Form to the Supervisory Authority, a template for the designation of an EU Representative, an International Personal Data Transfer Procedure as well as guidelines on how to fill the Standard Contractual Clauses. Also, you have Email support, Expert review of a document, One hour of live one-on-one online consultations with a GDPR expert,

Please also consult these links:

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 04, 2022

Oct 09, 2022

Suggested Topics

Guest user Created:   Aug 10, 2021 EU GDPR
Replies: 1
0 0

Complying with GDPR

Guest user Created:   Feb 04, 2021 EU GDPR
Replies: 1
0 1

Digital consent registration

Guest user Created:   Oct 15, 2020 EU GDPR
Replies: 1
0 0

GDPR Implementation Questions