GDPR and personal data handling

1. What is the difference between consent and explicit consent?

Based on the EU GDPR consent is a freely given, specific, informed and unambiguous indication of the individual’s wishes. The controller must keep records so it can demonstrate that consent has been given by the relevant individual. This would be consent in general.

Consent must be explicit if you are processing special category personal data or transferring personal data outside the EU. This entails a degree of formality, for example, the individual ticking a box containing the express word “consent”.

Explicit consent cannot be obtained through a course of conduct. If you want to find out more about consent check out this free webinar How to handle consents under GDPR: https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/

2. What is the time and usual procedure when receiving a deleting request? What are the limitations regarding the time to respond to a request?

The time to answer a request from a data subject is usually one month but it can be prologued with another two months if the request is complex. If you want to find out more about answering requests check out this free webinar Data Subject Rights under the EU GDPR: https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/

3. Do emails containing personal data need to be encrypted?

Not necessarily, however, if you are sending large quantities of personal data or special categories of personal data you should consider encryption or other measures to secure the transfer.  

4. If I want to make a complanit because my data is being used abusively where do I need to go?

You can find a full list of contact details of all Supervisory Authorities in the EU at https://edpb.europa.eu/about-edpb/about-edpb/members_en