GDPR consent and scope identification
Hi, I want your help to implement consent management in the following scenario; additionally, please help to identify SCOPE as well:
ABC company offers a freight and logistics management application to UK businesses. The application allows creation of an admin user, and then the administrator creates multiple users in the application. Administrator-created/assigned usernames and passwords are then used by the corresponding staff to carry out their tasks/access the application. During this process, details (name, email id, username and password) are stored on an Azure hosting server (maintained by the Administrator). So, how should consent management be implemented and complied with in the application? (Is it required to maintain consent for the administrator only, or for all the users having access to the application, or not at all?) During the process of accessing the application, the end user's IP and location are also stored in the application. The application is built based on the requirements of a UK-based business and is not published on ABC's website. So how do I identify scope, as I am not sure whether GDPR can be applied to only a specific product of the organization and not the whole organization?
ABC Company is the controller of its own staff's personal data. In the job contract or in the staff privacy notice, the staff gave consent to ABC Company to process personal data to carry out the tasks of the job, which also means transferring data to processors or third parties if related to the job.
The application, therefore, will be a processor that processes ABC's staff personal data on behalf of the organization for the purpose of fulfilling the software license agreement (use of the application). Therefore, there will be a data processing agreement between ABC Company and the Application Company which regulates how ABC's data will be processed according to Article 28 GDPR requirements.
GDPR applies to the whole organization and all its data processing activities whether they are computer-based or not.
Here you can find more information:
- Article 28 GDPR: https://advisera.com/eugdpracademy/gdpr/processor/
- Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
- What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
- First steps to take to reach GDPR compliance: https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/
If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Sep 18, 2020