LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

GDPR compliance and data protection

  Quote
Guest
Guest user Created:   Dec 24, 2019 Last commented:   Dec 24, 2019

GDPR compliance and data protection

I have some questions that you may be able to help with.

  1. There is some suppliers like couriers that want to sign DPAs with us. Is this ok? Are couriers processors?
  2. Also since we want to start from January to work on our implementation how much time do you think we need? How about resources?
  3. Being a shipping company do we need to register?
  4. When we provide the notices to the crew members we are recruiting do they need to sign it?
  5. Are we allowed to keep the CVs for possible future arrangements?
  6. And if yes is there a time limit?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Dec 24, 2019
1.There is some suppliers like couriers that want to sign DPAs with us. Is this ok? Are couriers processors?

Couriers act like independent data controllers so you need to sign a Controller to Controller Agreement. You can find such an Agreement in this EU GDPR Premium Documentation Toolkit: https://advisera.com/eugdpracademy/pricing/

2. Also since we want to start from January to work on our implementation how much time do you think we need? How about resources?

Both the time and resources depend on various factors such as the size of the company and the activities it performs. We have developed some tools that allow you to calculate the duration and the costs of becoming compliant. Check out this tool: https://advisera.com/eugdpracademy/eu-gdpr-compliance-duration-calculator/ .

3. Being a shipping company do we need to register?

As far as I know, this requirement no longer exists. However, you should check out the website of the local Supervisory Authority as this is a local decision.

4. When we provide the notices to the crew members we are recruiting do they need to sign it?

Privacy notices need to be made available to the data subjects but not necessarily signed. You can make them available on your website for example.

5. Are we allowed to keep the CVs for possible future arrangements?

Based on your legitimate interest or the candidate consent you can keep the CV longer. You need however to decide and asses which lawful ground would suit you best. You can find out more about Privacy Notices in this free webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/ .

6. And if yes is there a time limit?

The GDPR does not provide specific retention principles however, based on the minimization principle personal data should not be kept more than needed to achieve the purpose for which it was collected. My suggestion is not to keep CVs for more than 1 year.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 24, 2019

Dec 24, 2019

Suggested Topics

Guest user Created:   Aug 30, 2019 EU GDPR
Replies: 1
0 0

Questions on EU GDPR

Guest user Created:   Jun 02, 2018 EU GDPR
Replies: 1
0 0

Compliance exercise