Guest user Created: Jul 30, 2019 Last commented: Jul 30, 2019

GDPR and inventory of processing activities

My company is a US based company that provides expense reimbursement to our customers. We have many employees in the US but very few in the EU. We also have EU customers. Customer data includes the name (phone number & business email address) of contact person for a customer. With respect to inventory of processing activities:

0 1

Assign topic to the user

Select user

Expert

Andrei Hanganu Jul 30, 2019

1. Does the GDPR standard apply to EU employees or global employees? I’m wondering if we can inventory our processing activities for employees only.

Answer:

The GDPR applies to data of individuals in the Union (EU). This means that it would apply to all processing activities where the personal data of the employees in the EU is involved with regard to which you are acting as a controller. The same applies to the data of the clients' employees for which you perform the reimbursement services as a processor.

2. Data is transferred from the EU to the US and back. This could include a contact name for a customer as well as a business email and phone number. Would inventory of processing activ ities be applicable in this case?

Answer:

Yes, you would need to be compliant with the provisions of art. 30 and to document the processing activities.

3. Is a business email address considered personal data?

Answer:

Usually, business emails are name.surname@companyname.com so it would be considered personal data except for generic email addresses such as office@companyname.com.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 30, 2019

Expert Advice Community