Now my question, whether this makes sense and whether this approach could be fatal to us. Unfortunately, it is not possible for us, e.g. 100% free for 1 month only for GDPR activities. Since you certainly have experience, also in terms of the scope, I am very curious about your tips and hints.
Answer:
First, I would like to start by mentioning that a DPO does not need to be appointed unless (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity consist of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR. If you could link the implementation of ISMS together with GDPR, it won’t constitute an issue.
To learn more about ISMS and GDPR, check out our article “Does ISO 27001 implementation satisfy EU GDPR requirements?” (https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/).
Jul 09, 2018