Website and data storage

Answer:

Yes there are. You would need at least the following three documents Website Terms and Conditions, Website Privacy Notice and Cookie Policy. You can find readily available templates for these three documents in EU GDPR Mini Toolkit for Websites (https://advisera.com/eugdpracademy/pricing/).

2. How much time I need to keep the collected contact data?

Answer:

The EU GDPR does not specify a certain timeframe but you need to keep in mind that the data cannot be processed for more time that is needed to fulfil the purpose for which it is collected in the first place. In your case you may keep the data for as long as it is needed to provide the services to the client and maybe add some more time such as a statute of limitation period. If you want to find out more about retention periods check out this EU GDPR Foundations Course (https://training.adv isera.com/course/eu-gdpr-foundations-course/)

3. Do I need to register to the data protection authority?

Answer:

This depends on the jurisdiction where you are operating. Some Supervisory Authority like the ICO in the UK still require registration while others such as the one in Romania do not require registration. I suggest you check your local supervisory authority website for this information. You can find a list of the Supervisory Authorities in the EU at https://edpb.europa.eu/about-edpb/about-edpb/members_en

4. Can I use a different company for storing the data ?

Answer:

You certainly can. The company you will use for storage services will be acting as you processor if you will be using it to store personal data. When using a processor you need to be compliant with the provisions of art. 28 of the GDPR. If you want to find out more about processors and controllers check out this article EU GDPR controller vs. processor – What are the differences? (https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/)