FAQs – GDPR Register | Compliance tool for privacy experts

Right to rectification

Aleksander Uibo — Mon, 26 Oct 2020 09:29:08 +0000

According to GDPR Article 16, The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The data controller should take reasonable steps to ensure that the data is accurate and to rectify the data if necessary. The controller should take into account the arguments and evidence provided by the data subject.

The post Right to rectification appeared first on GDPR Register | Compliance tool for privacy experts.

DPO – Data Protection Officer

Aleksander Uibo — Thu, 22 Oct 2020 10:46:21 +0000

“DPO” is meaning a Data Protection Officer. The role of the data protection officer (DPO) is to ensure that organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules. Data protection officers are responsible for overseeing a company’s data protection strategy and its implementation to ensure compliance with GDPR requirements.

DPO assists the organisation with monitoring it’s internal compliance, informs and advises on data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the supervisory authority.

The post DPO – Data Protection Officer appeared first on GDPR Register | Compliance tool for privacy experts.

Does the GDPR affect direct marketing?

admin — Tue, 02 Apr 2019 21:59:30 +0000

Digital marketing and direct marketing are based on the data that the company has collected, therefore marketing activities must comply with the GDPR as well. Consent must be obtained from the subjects and existing consent forms must be reviewed. There are several guidelines that must be followed when initiating contact in B2B and B2C. Read more about marketing in B2B and direct marketing rules and exceptions under the GDPR.

The post Does the GDPR affect direct marketing? appeared first on GDPR Register | Compliance tool for privacy experts.

Collecting data from children?

admin — Tue, 02 Apr 2019 21:59:11 +0000

Consent from the parents is required when processing data of children under the age of 16 for online services.

The post Collecting data from children? appeared first on GDPR Register | Compliance tool for privacy experts.

Right to be informed

admin — Tue, 02 Apr 2019 21:58:48 +0000

The individual has the right to be informed about how and why their personal data is being processed. Grounds for processing is usually explained when asking for the consent from the individual. Individual has a right to be informed after giving the consent as well, meaning that the company should be able to provide the individual with concise, intelligible, easily accessible, free of charge and clearly written information about the processing.

What information do you need to provide?

The name and contact details of our organisation.
The name and contact details of our representative or data protection officer (if applicable).
The purposes of the processing.
The lawful basis for the processing.
The categories of personal data obtained (if the personal data is not obtained directly from the individual).
The recipients or categories of recipients of the personal data.
The details of transfers of the personal data to any third countries or international organisations (if applicable).
The retention periods for the personal data.
The rights available to individuals in respect of the processing.
The right to withdraw consent (if consent is used as a legal basis).
The right to lodge a complaint with a supervisory authority.
The source of the personal data (if the personal data is not obtained directly from the individual).
The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
The details of the existence of automated decision-making, including profiling (if applicable).

The post Right to be informed appeared first on GDPR Register | Compliance tool for privacy experts.

Can data subject withdraw consent?

admin — Tue, 02 Apr 2019 21:58:28 +0000

According to the GDPR, the data subject can withdraw their consent at any time. However, withdrawing the consent applies only to future processing of personal data, not to data that has already been processed. If the obtained consent does not fulfill the requirements of the GDPR, the consent must be re-obtained.

The post Can data subject withdraw consent? appeared first on GDPR Register | Compliance tool for privacy experts.

Difference between data controller and processor?

admin — Tue, 02 Apr 2019 21:57:28 +0000

Data controller is the person or a company who defines the purpose, means and conditions of how personal data is being processed. Data processor processes personal data on behalf of the data controller and is usually external entity from the data controller’s company.

The post Difference between data controller and processor? appeared first on GDPR Register | Compliance tool for privacy experts.

Responsibilities of the data protection officer (DPO)

admin — Tue, 02 Apr 2019 21:57:06 +0000

The DPO has generally two main tasks. To monitor the GDPR compliance operations within the organisation and interact with the supervisory authority and the data subjects whose data is being processed. Data protection officer might also inform and advise the organisation on other privacy related matters and raise awareness by training the employees.

The post Responsibilities of the data protection officer (DPO) appeared first on GDPR Register | Compliance tool for privacy experts.

Do we need to comply if we process personal data manually instead of automated processing?

admin — Tue, 02 Apr 2019 21:51:11 +0000

Article 4 (6) of the GDPR sets the definition for a ‘filing system’. If the personal data that the company processes manually is in structured form and the processing is conducted in a database, then yes GDPR does apply. If the processing is one-off and the company does not use a database, then GDPR might not apply.

The post Do we need to comply if we process personal data manually instead of automated processing? appeared first on GDPR Register | Compliance tool for privacy experts.

We do not charge for our services, do we need to comply?

admin — Tue, 02 Apr 2019 21:50:50 +0000

All companies processing personal data must comply with the GDPR, regardless whether payment is charged or not.

The post We do not charge for our services, do we need to comply? appeared first on GDPR Register | Compliance tool for privacy experts.