Expert Advice Community

Guest

GDPR and processing of personal data

  Quote
Guest
Guest user Created:   Aug 20, 2019 Last commented:   Aug 20, 2019

GDPR and processing of personal data

1. We have a subscription based service that stores a users identifying information as well as a transaction history. As this information is only used internally, and is not shared outside of the company, are we still forced to abide by GDPR?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Aug 20, 2019

Answer:

The GDPR applies regardless if the personal data is processed internally or shared with third parties outside the company.

2. Also, are we able to stored IP addresses for the purpose of mitigating DDoS attacks or must we anonymize or use GEO location

Answer:

You may be able to retain IPs based on "legitimate interest" for security purposes such as DDoS attacks. However, the users need to be informed about the processing of their personal data according to art. 13 an 14 of the EU GDPR.

If you need to find out more about the EU GDPR please check out this EU GDPR Foundations Course https://training.advisera.com/se/eu-gdpr-foundations-course//
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 20, 2019

Aug 20, 2019

Suggested Topics

Guest user Created:   Oct 22, 2019 EU GDPR
Replies: 1
0 0

EU GDPR and Personal Data Processing

Guest user Created:   Oct 28, 2021 EU GDPR
Replies: 1
0 1

Questions for GDPR

Guest user Created:   Oct 06, 2021 EU GDPR
Replies: 1
0 0

Using messages as evidence