Expert Advice Community

Guest

Privacy questions

  Quote
Guest
Guest user Created:   Oct 08, 2019 Last commented:   Oct 08, 2019

Privacy questions

1. Are there any available GDPR certifications?
2. How do I start with mapping my processing activities?
3. Is there any video surveillance policy available in the toolkits?
4. I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?
5. How can I best present a privacy notice? Do clients need to sign the notice?

0 1

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Oct 08, 2019

1. Are there any available GDPR certifications?

So far there are no certifications available in the sense of art. 40 of the GDPR. However, you need to keep an eye on the Supervisory Authorities websites and see if there is any news since is the Supervisory Authorities that need to endorse such certifications.

2. How do I start with mapping my processing activities?

My suggestion is to have a process-based approach. For example, you can split HR activities into several processes such as recruitment, on-boarding, etc. and record these into your Records of processing.

You can find readily available Inventories of processing activities in this "EU GDPR Data Mapping & DPIA Toolkit" (https://advisera.com/eugdpracademy/eu-gdpr-data-mapping-dpia-toolkit/).

3. Is there any video surveillance policy available in the toolkits?

No, unfortunately not. However, you do not necessarily need one if you provide adequate privacy notice and explain the extent of the video monitoring and the purposes.

4. I am negotiating with a Data Processing Contract with an insurance company. Are these companies controllers or processors?

Usually, Insurance companies act as independent data controllers so you would need Controller to Controller Clauses in place.

5. How can I best present a privacy notice? Do clients need to sign the notice?

Some of the best way to present a privacy notice are:

  • Layering - Provide the individual with a short summary of the important or unusual uses of their personal data and provide a link to a full privacy policy for those who want the detail
  • Just in time - Consider using additional notices for particular interactions with the individual. For example, if signing up for a new service means their personal data will be processed for additional purposes.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 08, 2019

Oct 08, 2019

Suggested Topics

Guest user Created:   May 03, 2021 EU GDPR
Replies: 3
0 0

Assistance with the toolkit

Guest user Created:   May 14, 2020 EU GDPR
Replies: 1
0 0

Audit of completed erasure

Guest user Created:   Sep 19, 2019 EU GDPR
Replies: 1
0 0

EU GDPR applicability