Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Data protection: IT service provider

  Quote
Guest
Guest user Created:   Mar 03, 2021 Last commented:   Mar 05, 2021

Data protection: IT service provider

I am currently doing my own business as a sole proprietorship with IT services. It is interesting for me to know when I need a declaration of consent / AV contract and what exactly has to be in it.
Specifically, it is about issuing invoices, but also storing customer data in an administrative interface, i.e. personal data, and I think that consent is required, necessary passwords for the customer (WiFi, user accounts) as well as license keys and Device specifications.

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Mar 05, 2021

You need consent to process a special category of personal data (the so-called sensitive data) and when your data processing goes beyond the fulfillment of a contractual obligation. In your case, when making a contract with a client for your software, the client agrees to data processing for the purposes of the contract: receiving the software, issuing invoices, store the IP, Wi-fi password, location, etc. This set of data you are collecting must be contained in the privacy notice and have as a legal basis the performing of contractual obligation.

However, if you want to process your client’s data for marketing purposes you need to ask a specific consent on it because the client when downloading the software reasonably expected that personal data would be processed to fulfill the obligation.The consent must be specific and given freely so you need to ask your client something like “Do you agree to receive information, promotions, from us?” or “Do you want that your data are shared with our partners for promotional advertisement?” The Client must be aware of the reasons you are asking him consent.

Here you can find more information on the legal basis to process personal data according to the GDPR and what to consider about the GDPR privacy notice:

If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 03, 2021

Mar 05, 2021

Suggested Topics

Guest user Created:   Sep 03, 2021 EU GDPR
Replies: 1
0 0

Applicability of employee data

Guest user Created:   Aug 12, 2021 EU GDPR
Replies: 1
0 0

DPIA’s and Clients' data