DPIA, consent and other EU GDPR questions
1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?
2. Usually, how many DPIAs does a medium-sized company need to perform?
3. Can an employer ask consent from employees for sending their data outside the EU?
4. Is ISO27001 enough in terms of security measures?
5. When does a company outside the EU need to appoint a representative?
6. Is it a specific formality?
1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?
You can find a list of the mandatory documents on the EU GDPR Premium Documentation Toolkit product page under the "Toolkit Documents" subsection: https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/
2. Usually, how many DPIAs does a medium-sized company need to perform?
The number of DPIAs depends on the number of your processing activities as well as on their complexity and the effect that they may have on the rights and freedoms of the data subjects. You can find more about DPIAs in this free webinar: Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/).
3. Can an employer ask consent from employees for sending their data outside the EU?
Consent is not recommended to be used as a lawful base when dealing with employee personal data. I recommend using legitimate interest instead.
4. Is ISO27001 enough in terms of security measures?
ISO27001 is a best practice when it comes to security, and usually it should be enough as long as the security measures cover all the processes where personal data are involved.
5. When does a company outside the EU need to appoint a representative?
Where the offering or monitoring tests apply, the controller or processor must appoint a representative. That representative must be based in a Member State in which the relevant individuals are based. There is a limited exemption to the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data.
6. Is it a specific formality?
Yes, there is; you can find a representative appointment letter in our EU GDPR Premium Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/).
Dec 30, 2019