Expert Advice Community

Guest

GDPR and inventory of processing activities

  Quote
Guest
Guest user Created:   Jul 30, 2019 Last commented:   Jul 30, 2019

GDPR and inventory of processing activities

My company is a US based company that provides expense reimbursement to our customers. We have many employees in the US but very few in the EU. We also have EU customers. Customer data includes the name (phone number & business email address) of contact person for a customer. With respect to inventory of processing activities:
0 1

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Jul 30, 2019

1. Does the GDPR standard apply to EU employees or global employees? I’m wondering if we can inventory our processing activities for employees only.

Answer:

The GDPR applies to data of individuals in the Union (EU). This means that it would apply to all processing activities where the personal data of the employees in the EU is involved with regard to which you are acting as a controller. The same applies to the data of the clients' employees for which you perform the reimbursement services as a processor.

2. Data is transferred from the EU to the US and back. This could include a contact name for a customer as well as a business email and phone number. Would inventory of processing activ ities be applicable in this case?

Answer:

Yes, you would need to be compliant with the provisions of art. 30 and to document the processing activities.

3. Is a business email address considered personal data?

Answer:

Usually, business emails are name.surname@companyname.com so it would be considered personal data except for generic email addresses such as office@companyname.com.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 30, 2019

Jul 30, 2019

Suggested Topics

Guest user Created:   Mar 20, 2018 EU GDPR
Replies: 1
0 0

Data Protection Officer