Expert Advice Community

GDPR Privacy queries

Guest user Created:   Sep 30, 2020 Last commented:   Sep 30, 2020

1. Will having longitude and latitude, i.e. geo location coordinates (and hence the home address, I believe, if I am not wrong) of some person be considered as PII?

2. Since clouds like Amazon AWS have backups happening across the world to maintain high availability and for BCP purposes, I feel it's a fair assumption to think that AWS will be considering privacy laws like GDPR before sending European resident PII data to any other country outside Europe. Correct?

3. While doing an assessment, do I need to ask vendors to give me the list of countries where the cloud is sending the backup data (containing PII) to, while thinking of privacy? Logic being European resident data is going outside Europe, ask if the cloud follows GDPR by having controls or not.

4. Am I correct regarding applicability of GDPR in the below practical life scenarios: a) European resident (not citizen) went to India and registered an account with Uber by giving his PII and rode on a cab. So GDPR would NOT be applicable regarding handling of this European person. Correct, I think GDPR should be as law of land will prevail which is India in this case and not Europe.
b) Indian resident went to Europe and registered an account with Uber Europe by giving PII and is currently doing a cab ride, so GDPR will be applicable as per what's written in the GDPR regulation. Correct?

5. Now the Indian resident has completed the trip and has gone back to India and left Europe. Will GDPR still protect his PII data which is now residing in Europe?

6. Someone from India wants to make a trip to Europe and thought of advance booking, so while sitting in India itself registers an account by giving his PII on the website of some European tour operator with its data center in: c.1) Europe - Will GDPR be applicable? c.2) Outside Europe - Will GDPR be applicable?

7. Will the time of the actual visit make any difference on GDPR applicability, i.e. GDPR is ON only after the actual visit has happened and not before?

8. Since IP is a PII, will even the dynamic IP (not static IP) be considered as PII? By the time the captured dynamic IP will be processed to find PII, the dynamic IP would have changed/expired.

Requesting your guidance on these as I believe these will help me in understanding Privacy better


Expert
Alessandra Nisticò Sep 30, 2020

Will having longitude and latitude, i.e. geo location coordinates (and hence the home address, I believe, if I am not wrong) of some person be considered as PII?

Yes, GDPR considers location coordinates as well as the home address as personal data. Article 4(1) GDPR states that “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Since clouds like Amazon AWS have backups happening across the world to maintain high availability and for BCP purposes, I feel it's a fair assumption to think that AWS will be considering privacy laws like GDPR before sending European resident PII data to any other country outside Europe. Correct?

Yes, Amazon AWS implemented the GDPR compliance system in its services. Here you can find what Amazon does for GDPR: https://aws.amazon.com/it/compliance/gdpr-center/

While doing an assessment, do I need to ask vendors to give me the list of countries where the cloud is sending the backup data (containing PII) to, while thinking of privacy? Logic being European resident data is going outside Europe, ask if the cloud follows GDPR by having controls or not.

You need to establish with your vendors who act as data processors a data processing agreement requiring them to select cloud providers who are compliant with GDPR (i.e. with data centers in the EU). You can also demand proof of compliance with GDPR of their cloud servers, as the data controller has the power to give instructions on data processing, according to Article 28 GDPR.

Am I correct regarding applicability of GDPR in the below practical life scenarios:

a) European resident (not citizen) went to India and registered an account with Uber by giving his PII and rode on a cab. So GDPR would NOT be applicable regarding handling of this European person. Correct, I think GDPR should be as law of land will prevail which is India in this case and not Europe.

Article 3 GDPR defines the territorial scope of GDPR and it is applicable to data processing taking place in the EU or from data controller located in the EU. Therefore, the EU citizen in India will not be under GDPR.

b) Indian resident went to Europe and registered an account with Uber Europe by giving PII and is currently doing a cab ride, so GDPR will be applicable as per what's written in the GDPR regulation. Correct?

Yes, it is correct.

Now the Indian resident has completed the trip and has gone back to India and left Europe. Will GDPR still protect his PII data which is now residing in Europe?

GDPR will protect data collected through the EU company, while the data collected through the Indian company will not be under GDPR, because the data processing is outside the EU, with non-EU citizens and through a non-EU data controller.

Someone from India wants to make a trip to Europe and thought of advance booking, so while sitting in India itself registers an account by giving his PII on the website of some European tour operator with its data center in: c.1) Europe - Will GDPR be applicable? c.2) Outside Europe - Will GDPR be applicable?

Yes, all data processed by the EU data controller (European tour operator) are under GDPR, for the processing carried all around the world.

Will the time of the actual visit make any difference on GDPR applicability, i.e. GDPR is ON only after the actual visit has happened and not before?

No, even if the Indian tourist does not leave India but gave some PII to European Tour Operator, personal data will be processed according to GDPR.

Since IP is a PII, will even the dynamic IP (not static IP) be considered as PII? By the time the captured dynamic IP will be processed to find PII, the dynamic IP would have changed/expired.

Requesting your guidance on these as I believe these will help me in understanding Privacy better

Yes, dynamic IP is a PII because it makes the individual identifiable, according to article 4 GDPR.

Here you can find more information:

If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
