Expert Advice Community

GDPR consent and scope identification

Guest user. Created: Sep 17, 2020. Last commented: Sep 18, 2020.

Hi, I want your help to implement consent management in the following scenario. Additionally, please help to identify the scope as well:

ABC company offers a freight and logistics management application to UK business. The application allows the creation of an admin user, and the administrator then creates multiple users in the application. The administrator-created/assigned username and password are then used by the corresponding staff to carry out their tasks/access the application. During this process, details (name, email ID, username and password) are stored on an Azure hosting server (maintained by the administrator). So, how should consent management be implemented and complied with in the application? (Is it required to maintain consent for the administrator only, or for all the users having access to the application, or not at all?) During the process of accessing the application, the end user's IP and location are also stored in the application. The application is built based on the requirement from UK-based business and is not published on ABC's website. So how do I identify the scope? I am not sure whether GDPR can be applied to only a specific product of the organization and not the whole organization.

Expert
Alessandra Nisticò Sep 18, 2020

ABC Company is the controller of its own staff's personal data. In the job contract or in the staff privacy notice, the staff gave consent to ABC Company to process personal data to carry out the tasks of the job, which also means transferring data to processors or third parties if related to the job.

The application, therefore, will be a processor that processes ABC's staff personal data on behalf of the organization for the scope of fulfilling the software license agreement (use the application). Therefore, there will be a data processing agreement between ABC Company and Application Company which regulates how ABC's data will be processed according to Article 28 GDPR requirements.

GDPR applies to the whole organization and all its data processing activities whether they are computer-based or not.

Here you can find more information:

If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/
