- As a software company do we need to comply whit the provisions of Art. 30 of the GDPR?
- Do we need to perform DPIA for all the processing activities? Are there any criteria to be considered?
- How do we manage marketing communications? Are we required to obtain consent?
- Are there any specific requirements for software development?
- How about websites? Any advice on how to make a website compliant?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
@Guest user
1. As a software company do we need to comply whit the provisions of Art. 30 of the GDPR?
Art. 30 Records or Inventory of Processing Activities are only mandatory if (a) the company has more than 250 employees, or (b) the processing the company carries out is likely to result in a risk to the rights and freedoms of data subjects; or (c) the processing is not occasional; or (d) the processing includes special categories of data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation);or (e) the processing includes personal data relating to criminal convictions and offenses.
@Guest user
2. Do we need to perform DPIA for all the processing activities? Are there any criteria to be considered?
No, you don`t. DPIAs are only compulsory for processing activities that are considered to be high risk to the rights and freedoms of the individuals. You can find a DPIA screening questionnaire in our EU GDPR Data Mapping & DPIA Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-data-mapping-dpia-toolkit/).
@Guest user
3. How do we manage marketing communications? Are we required to obtain consent?
You can usually use consent for processing personal data for marketing purposes or alternatively you can use legitimate interest. The most common lawful ground used is however consent. When using consent keep in mind that consent must be freely given, specific, informed and unambiguous indication of the individual’s wishes. The controller must keep records so it can demonstrate that consent has been given by the relevant individual.
If you want to learn more about consent check out this free webinar How GDPR affects marketing practices (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/).
@Guest user
4. Are there any specific requirements for software development?
The EU GDPR is meant to be cross-industry so there are no industry-specific requirements. What I can mention is that when developing software you need to consider the “privacy by design” and “privacy by default” principles.
@Guest user
5. How about websites? Any advice on how to make a website compliant?
If you are processing personal data through your website then you need at least three documents: Website Terms and Conditions, Privacy Notice and Cookie Policy (if you are using cookies). You can find readily available templates in this EU GDPR Mini Toolkit for Websites (https://advisera.com/eugdpracademy/eu-gdpr-mini-toolkit-for-websites/).
Comment as guest or Sign in
Nov 14, 2019