Expert Advice Community

Guest

EU GDPR compliance and personal data

  Quote
Guest
Guest user Created:   Jun 11, 2019 Last commented:   Jun 11, 2019

EU GDPR compliance and personal data

Thank you for the opportunity to ask for some professional advice on the GDPR. Please help me understand the next questions:
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Jun 11, 2019

1. Where do I report a company that does not respond to my request on personal data?
2. Can a company report another company when not complying with GDPR?
3. I have a contract with accounting company. How do I become compliant?
4. I only have B2B customers do I need to be compliant with GDPR?

Answers:

1. You can report a company to the competent Data Protection Authority ( or Supervisory Authority) if you don`t get a response. However, consider that the company has one month to respond. If it has been more than one moth you can file a complaint. You can find a list of Supervisory Authorities at : https://edpb.europa.eu/about-edpb/board/members_en

If you want to find out more about your rights according to the EU GDPR check out this free webinar Data Subject Rights under the EU GDPR (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/)

2. Yes, it can however the complaint needs to refer to individuals data and not company data such as as registration number, VAT code etc. The same mechanism for filing a complaint applies as for question no.1.

3. Usually accounting companies are acting as data processors so you would first need to check if any personal data is sent to the accounting company. If this happens you would need to have a Data Processing Agreement in place with the accounting company. This document needs to fulfill the requirements set up in art. 28 of the EU GDPR. You can find a readily available template for a Data Processing Agreement in this EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/)

4. I would say yes because besides B2B data you would be processing data of the representatives of the legal entities which are individuals therefore their data is personal data. Also, if you have employees you will be processing their personal data as well thus their personal data needs to be processed based on the GDPR requirements.

If you want to find out more about the applicability of the EU GDPR check out this EU GDPR Foundations Course ( https://training.advisera.com/se/eu-gdpr-foundations-course//).
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 11, 2019

Jun 11, 2019