DPIA, consent and other EU GDPR questions

Guest user Created:   Dec 30, 2019 Last commented:   Dec 30, 2019


1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?

2. Usually, how many DPIAs does a medium-sized company need to perform?

3. Can an employer ask for consent from employees for sending their data outside the EU?

4. Is ISO27001 enough in terms of security measures?

5. When does a company outside the EU need to appoint a representative?

6. Is it a specific formality?


Expert
Andrei Hanganu Dec 30, 2019

1. What documents in the EU GDPR Premium Documentation Toolkit are mandatory?

You can find a list of the mandatory documents on the EU GDPR Premium Documentation Toolkit product page under the "Toolkit Documents" subsection: https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/

2. Usually, how many DPIAs does a medium-sized company need to perform?

The number of DPIAs depends on the number of your processing activities as well as on their complexity and the effect that they may have on the rights and freedoms of the data subjects. You can find more about DPIAs in this free webinar: Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/).

3. Can an employer ask for consent from employees for sending their data outside the EU?

Consent is not recommended to be used as a lawful base when dealing with employee personal data. I recommend using legitimate interest instead.

4. Is ISO27001 enough in terms of security measures?

ISO27001 is a best practice when it comes to security, and usually it should be enough as long as the security measures cover all the processes where personal data are involved.

5. When does a company outside the EU need to appoint a representative?

Where the offering or monitoring tests apply, the controller or processor must appoint a representative. That representative must be based in a Member State in which the relevant individuals are based. There is a limited exemption to the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data.

6. Is it a specific formality?

Yes, there is. You can find a representative appointment letter in our EU GDPR Premium Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/).

 
