GDPR and inventory of processing activities
Assign topic to the user
1. Does the GDPR standard apply to EU employees or global employees? I’m wondering if we can inventory our processing activities for employees only.
Answer:
The GDPR applies to data of individuals in the Union (EU). This means that it would apply to all processing activities where the personal data of the employees in the EU is involved with regard to which you are acting as a controller. The same applies to the data of the clients' employees for which you perform the reimbursement services as a processor.
2. Data is transferred from the EU to the US and back. This could include a contact name for a customer as well as a business email and phone number. Would inventory of processing activ ities be applicable in this case?
Answer:
Yes, you would need to be compliant with the provisions of art. 30 and to document the processing activities.
3. Is a business email address considered personal data?
Answer:
Usually, business emails are name.surname@companyname.com so it would be considered personal data except for generic email addresses such as office@companyname.com.
Comment as guest or Sign in
Jul 30, 2019