Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

EU GDPR questions

  Quote
Guest
Guest user Created:   Feb 21, 2021 Last commented:   Feb 22, 2021

EU GDPR questions

1. A software development company has developed a software solution where personal data is collected and processed in the cloud - during a pilot period a telecom company is offering this solution to their end clients, however the Terms & Conditions of the software development company are displayed in the application. The question is - what are the telecom company and software development company - controllers, joint-controllers, or something else?

2. Same relationship between software development company and a telecom company like in the first question, only this is not a pilot period any more, and Terms & Conditions are displayed from the telecom company (i.e. the software development company is not visible any more to the end clients) - again the same question - who has which role?
3. If a software solution includes monitoring of movement of elderly persons in their homes for the purpose of medical care, would this require consent from the monitored (elderly) persons since they would not operate the software? The software would be operated by medical professionals. What would be the most practical solution for the consent in this situation?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Feb 22, 2021

1. A software development company has developed a software solution where personal data is collected and processed in the cloud - during a pilot period a telecom company is offering this solution to their end clients, however the Terms & Conditions of the software development company are displayed in the application. The question is - what are the telecom company and software development company - controllers, joint-controllers, or something else?

It depends on who has the control over personal data collected, if both companies have access to data they can be defined as joint controllers, while if the development company has access to data collected through the app it should be considered as a processor. The telecom company will always be a controller because the app is provided to its end clients, so it can decide the means and purposes of data processing (even providing an app to its clients is a choice on data processing). So you need to determine how independent is the development company from the telecom company in collecting and processing data from users. If they cooperate on the same level, defining together how to process data, they will be a joint controller. On the contrary, if the telecom company requested an app with some characteristics and a certain kind of data processing and access to data, the development company is processing data on behalf of the telecom company and acting as a data processor.

2. Same relationship between software development company and a telecom company like in the first question, only this is not a pilot period any more, and Terms & Conditions are displayed from the telecom company (i.e. the software development company is not visible any more to the end clients) - again the same question - who has which role?

The answer is the same as above. It does not depend on Terms and Condition but on who decide how to process data, who has access to data, who manages data. In any case, the telecom company will be the controller, the software development company will be a joint controller or processor depending on the level of independence in determining how to process personal data.

3. If a software solution includes monitoring of movement of elderly persons in their homes for the purpose of medical care, would this require consent from the monitored (elderly) persons since they would not operate the software? The software would be operated by medical professionals. What would be the most practical solution for the consent in this situation?"

Yes. It requires consent from elderly persons. It should be indicated in the consent that the patient provides to the medical professionals for therapy or diagnostic purposes on the medical treatment through that software which may monitor its behavior. From an accountability point of view, the software should ask consent to any patient, and of course, it will be the medical professional that materially “clicks” on the “I agree” button once acquired the consent to the medical treatment from the patient.

Here you can find more information on the role of processor and controller

If you want to learn how to process data under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0
Guest
Guest user Feb 22, 2021

Thank you for your responses.

I would like however to question the response on Consent of the Elder.

This solution is built for the sole purpose of monitoring the Elder in conjunction with the caregiver. It is their data for them to use and interpret how they wish. We are simply presenting the data for the Caregiver and Elder to use. They pay us for this service. i.e. we have a contractual obligation to collect this data for them to consume.

Therefore can we not just state in the Terms of the application that it is the responsibility of the registered user to ensure they have full consent from the Elder being monitored, and avoid a consent process ?

Quote
0 0
Expert
Alessandra Nisticò Feb 22, 2021

The software company acts as a processor while the caregiver is the data controller. In that case, your privacy notice will state that the controller is the caregiver since it is the person that has control over data processing. You will also need a data protection agreement with caregivers annexed to your commercial licensing/software agreement.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 21, 2021

Feb 22, 2021

Suggested Topics

Guest user Created:   Feb 05, 2020 EU GDPR
Replies: 1
0 0

EU GDPR questions

Guest user Created:   Jan 21, 2020 EU GDPR
Replies: 1
0 0

EU GDPR questions