Consent, transferring and encrypting data
Assign topic to the user
Answer:
Transferring personal data to third-party service providers acting as data processors is not forbidden by the EU GDPR. However, you need to ensure that the processors have on place adequate technical and organizational measures to protect the data.
2. Do I need to get consent if I want to transfer the data?
Answer:
No, you don't need to have consent to use and to transfer personal data to third party processors. However, you need to ensure that the data subjects are informed of the use of such processors via a Privacy Notice.
For more information on privacy notices check out this webinar Privacy Notices under the EU GDPR (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
3. Do I need to encrypt the data before sending or what measures I need to take?
Answer:
Although not mandatory under the EU GDPR, I would strongly advise you to use encryption while sending personal data and also ask the processor to have encryption at rest. This is due to the fact that data concerning health is transferred.
You can find more information about the EU GDPR requirements on security in this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Comment as guest or Sign in
Aug 28, 2019