GDPR clarifications

Is consent needed to transfer personal data to other countries outside EU?

Not necessarily. Content is needed only as an exemption if the other safeguards in Chapter 5 of the GDPR. If you want to find out more about international data transfers check out this webinar : “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).

Do I need to have a data processing agreement with data controllers?

Although not mandated by the EU GDPR it is a best practice to have a Controller to Controller Agreement in place. You can find such a template at : https://advisera.com/eugdpracademy/documentation/controller-to-controller-data-processing-agreement/

When can legitimate interest be used as a legal basis?

It can be used but you need to perform a Legitimate Interest Assessment to prove that your interest is not infringing upon the rights and freedoms of the data subjects.

Do I need to insert data protection specific clauses in work contracts?

The GDPR does not specifically require such clauses to be included in the labor agreements however you need to ensure that you have in place appropriate confidentiality clauses.

Can I delete the data of a former emplyee if he makes a request?

The right to be forgotten in not an absolute right especially when we are taking about labor law. As a company you have some legal obligations so you need to ensure that you are not breaking such obligations before deleting the unnecessary data.

How much time do I have do delete the data?

The GDPR allows for one month before you need to respond to a request. However, if the request is complex you can extent the period to a maximum of 3 months. You can find out more about data subject rights in our webinar : Data Subject Rights under the EU GDPR (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).