Sign Up

What is 5 + 2?

Have an account? Sign In Now

Sign In

What is 5 + 2?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 5 + 2?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 5 + 2?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Andrea

Bronze contributor
0Followers
5Questions
Home/ Andrea/Answers
  • About
  • Questions
  • Polls
  • Answers
  1. Asked: March 16, 2022In: GDPR

    Using Whats App to communicate with customers

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on May 16, 2022 at 8:39 am

    There was a recent case in Finland, where the Data Protection Authority ruled that a cleaning company breached the GDPR by using WhatsApp instant messaging services with its employees as a mean to share information about its customers. Among other things, the company had no means to oversee the useRead more

    There was a recent case in Finland, where the Data Protection Authority ruled that a cleaning company breached the GDPR by using WhatsApp instant messaging services with its employees as a mean to share information about its customers. Among other things, the company had no means to oversee the use of personal data via WhatsApp, or otherwise impose restrictions on possible further use.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  2. Asked: October 25, 2021In: GDPR, Privacy Management

    Can ads be reactivated?

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on October 26, 2021 at 4:58 pm

    Not if they have opted out of receiving marketing from you.

    Not if they have opted out of receiving marketing from you.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  3. Asked: October 25, 2021In: GDPR, Privacy Management

    Is usage tracking allowed?

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on October 26, 2021 at 4:53 pm

    Are your colleagues anticipating using analytical cookies for tracking usage? If so, you will need to ensure that your cookie banners are clear and correctly set up and consent gathered (it seems unlikely you could say that the analysis is necessary for the performance of the search). Are you goingRead more

    Are your colleagues anticipating using analytical cookies for tracking usage? If so, you will need to ensure that your cookie banners are clear and correctly set up and consent gathered (it seems unlikely you could say that the analysis is necessary for the performance of the search).

    Are you going to get consent for the profiling/emails or (depending where in the world you and your users are) rely on the existing customer relationship (assuming you are recommending similar products or services). Either you you need to be transparent in your privacy policy and give your users a chance to opt out.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  4. Asked: April 26, 2021In: GDPR

    When can you say a DSAR email search is excessive ?

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on August 27, 2021 at 4:27 pm

    Whilst I agree that volume alone will not determine whether the request is excessive, you also bear in mind that the courts also look at a 'reasonable and proportionate test'.

    Whilst I agree that volume alone will not determine whether the request is excessive, you also bear in mind that the courts also look at a ‘reasonable and proportionate test’.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  5. Asked: August 2, 2021In: GDPR, Privacy Management, Professional Development, Software tips and tricks

    Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on August 17, 2021 at 1:44 pm

    I agree with Liz. If you don't have any reason to think that your senior managers are using WhatsApp for work related conversations you could argue that you are not the controller of any personal information in those conversations. This might be supported by your company policies on, for example conRead more

    I agree with Liz. If you don’t have any reason to think that your senior managers are using WhatsApp for work related conversations you could argue that you are not the controller of any personal information in those conversations. This might be supported by your company policies on, for example confidential information?

    If you think you are the controller, then unless you can point to a company policy on this, it is unlikely that you will be able to compel the senior managers to hand over their personal devices for you to search. I would document how the managers respond to any request to search their devices so you can produce this evidence if the ICO investigates.

    You might also want to consider whether any information would be disclosable as part of a DSAR taking into account the third party privacy rights of your managers and therefore whether you can decline to search on the basis that it would not be reasonable or proportionate.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  6. Asked: June 8, 2021In: Privacy Management

    Privacy program KPIs

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on June 30, 2021 at 10:55 am

    We use a balance of KPIs and KRI (Key Risk Indicators). So, for example , we might have KPI: Percentage of data subject rights requests completed within relevant timeframe KRI: Number of data subject rights requests received (as it might indicate issues elsewhere in the business) KPI: Percentage ofRead more

    We use a balance of KPIs and KRI (Key Risk Indicators). So, for example , we might have

    KPI: Percentage of data subject rights requests completed within relevant timeframe
    KRI: Number of data subject rights requests received (as it might indicate issues elsewhere in the business)

    KPI: Percentage of DPIAs reviewed and returned to the originator within x days
    KRI: Number of initiatives which have gone live without a DPIA being initiated or being initiated in unrealistic timeframes

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  7. Asked: April 9, 2021In: GDPR

    Managing CCTV requests

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on April 10, 2021 at 5:47 pm

    I agree with Simon, either model is possible. Personally I am in favour of educating and equipping front line staff to carry this out, with lots of guidance and support.

    I agree with Simon, either model is possible. Personally I am in favour of educating and equipping front line staff to carry this out, with lots of guidance and support.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  8. Asked: March 28, 2021In: GDPR, Privacy Management

    Computer based training for employees

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on March 29, 2021 at 12:47 pm

    We are looking to move away from our current packages, and to widen out the focus from concentration on the GDPR.

    We are looking to move away from our current packages, and to widen out the focus from concentration on the GDPR.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  9. Asked: March 28, 2021In: GDPR

    Google Ads

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on March 29, 2021 at 12:45 pm

    Thanks Dean. I should perhaps have confirmed in the question that the intention is to target existing customers, by providing the details directly to Google. These details have not been collected through our website. I understand the PECR requirements, and am concerned that Google is acting as a conRead more

    Thanks Dean. I should perhaps have confirmed in the question that the intention is to target existing customers, by providing the details directly to Google. These details have not been collected through our website.

    I understand the PECR requirements, and am concerned that Google is acting as a controller here (but happy to be corrected on this) meaning that we require specific consent to pass the details to Google.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  10. Asked: March 17, 2021In: GDPR

    Customer satisfaction survey

    Andrea

    Andrea

    • 5 Questions
    • 13 Answers
    • 0 Best Answers
    • 11 Points
    View Profile
    Andrea Bronze contributor
    Replied to answer on March 19, 2021 at 10:13 pm

    We are a membership body. We run surveys of our members to get feedback on our performance but also on what they see as the future of the profession. Unfortunately I don't read German!

    We are a membership body. We run surveys of our members to get feedback on our performance but also on what they see as the future of the profession. Unfortunately I don’t read German!

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
1 2

Sidebar

Ask A Question

Trending contributors

Magnus T

Magnus T

  • 7 Answers
Rising star contributor
DP-Pro

DP-Pro

  • 14 Answers
Bronze contributor
JeremyClarkson

JeremyClarkson

  • 3 Answers
Dave_Wylie

Dave_Wylie

  • 24 Answers
Bronze contributor
d9d9d9

d9d9d9

  • 9 Answers
Rising star contributor

Recent questions

  • Ange Seivewright

    I am curious - has anyone found dashboard type software ...

    • 0 Answers
  • Ange Seivewright

    It's that dreaded time! I need to put together some ...

    • 0 Answers
  • Anonymous

    PII v PI

    • 1 Answer
  • Anonymous

    Monthly Reporting to business leadership team

    • 0 Answers
  • Anonymous

    US marketing laws

    • 1 Answer

Explore

  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Footer

Your privacy

  • Cookie notice
  • Privacy notice

Terms and policy

  • Acceptable Use Policy
  • Terms of Use

© 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.