Sign Up

What is 8 + 4?

Have an account? Sign In Now

Sign In

What is 8 + 4?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 8 + 4?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 8 + 4?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Andrea

Bronze contributor
1Follower
5Questions
Home/ Andrea/Answers
  • About
  • Questions
  • Polls
  • Answers
  1. Asked: July 13, 2022In: GDPR

    providing personal contact details

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on July 21, 2022 at 10:14 am

    I'm curious why you would not just ask the Directors in question for consent? Alternatively could you not provide them with a work phone on which the Business Continuity Director could contact them if necessary?

    I’m curious why you would not just ask the Directors in question for consent? Alternatively could you not provide them with a work phone on which the Business Continuity Director could contact them if necessary?

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  2. Asked: July 18, 2022In: GDPR, Privacy Management

    Access to emails

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on July 21, 2022 at 10:11 am

    There have been some recent cases in Europe on the topic of access to former employees email accounts which may provide some insight on regulatory expectations. Try searching https://gdprhub.eu/index.php?title=Welcome_to_GDPRhub.

    There have been some recent cases in Europe on the topic of access to former employees email accounts which may provide some insight on regulatory expectations. Try searching https://gdprhub.eu/index.php?title=Welcome_to_GDPRhub.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  3. Asked: March 16, 2022In: GDPR

    Using Whats App to communicate with customers

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on May 16, 2022 at 8:39 am

    There was a recent case in Finland, where the Data Protection Authority ruled that a cleaning company breached the GDPR by using WhatsApp instant messaging services with its employees as a mean to share information about its customers. Among other things, the company had no means to oversee the useRead more

    There was a recent case in Finland, where the Data Protection Authority ruled that a cleaning company breached the GDPR by using WhatsApp instant messaging services with its employees as a mean to share information about its customers. Among other things, the company had no means to oversee the use of personal data via WhatsApp, or otherwise impose restrictions on possible further use.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  4. Asked: October 25, 2021In: GDPR, Privacy Management

    Can ads be reactivated?

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on October 26, 2021 at 4:58 pm

    Not if they have opted out of receiving marketing from you.

    Not if they have opted out of receiving marketing from you.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  5. Asked: October 25, 2021In: GDPR, Privacy Management

    Is usage tracking allowed?

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on October 26, 2021 at 4:53 pm

    Are your colleagues anticipating using analytical cookies for tracking usage? If so, you will need to ensure that your cookie banners are clear and correctly set up and consent gathered (it seems unlikely you could say that the analysis is necessary for the performance of the search). Are you goingRead more

    Are your colleagues anticipating using analytical cookies for tracking usage? If so, you will need to ensure that your cookie banners are clear and correctly set up and consent gathered (it seems unlikely you could say that the analysis is necessary for the performance of the search).

    Are you going to get consent for the profiling/emails or (depending where in the world you and your users are) rely on the existing customer relationship (assuming you are recommending similar products or services). Either you you need to be transparent in your privacy policy and give your users a chance to opt out.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  6. Asked: April 26, 2021In: GDPR

    When can you say a DSAR email search is excessive ?

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on August 27, 2021 at 4:27 pm

    Whilst I agree that volume alone will not determine whether the request is excessive, you also bear in mind that the courts also look at a 'reasonable and proportionate test'.

    Whilst I agree that volume alone will not determine whether the request is excessive, you also bear in mind that the courts also look at a ‘reasonable and proportionate test’.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  7. Asked: August 2, 2021In: GDPR, Privacy Management, Professional Development, Software tips and tricks

    Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on August 17, 2021 at 1:44 pm

    I agree with Liz. If you don't have any reason to think that your senior managers are using WhatsApp for work related conversations you could argue that you are not the controller of any personal information in those conversations. This might be supported by your company policies on, for example conRead more

    I agree with Liz. If you don’t have any reason to think that your senior managers are using WhatsApp for work related conversations you could argue that you are not the controller of any personal information in those conversations. This might be supported by your company policies on, for example confidential information?

    If you think you are the controller, then unless you can point to a company policy on this, it is unlikely that you will be able to compel the senior managers to hand over their personal devices for you to search. I would document how the managers respond to any request to search their devices so you can produce this evidence if the ICO investigates.

    You might also want to consider whether any information would be disclosable as part of a DSAR taking into account the third party privacy rights of your managers and therefore whether you can decline to search on the basis that it would not be reasonable or proportionate.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  8. Asked: June 8, 2021In: Privacy Management

    Privacy program KPIs

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on June 30, 2021 at 10:55 am

    We use a balance of KPIs and KRI (Key Risk Indicators). So, for example , we might have KPI: Percentage of data subject rights requests completed within relevant timeframe KRI: Number of data subject rights requests received (as it might indicate issues elsewhere in the business) KPI: Percentage ofRead more

    We use a balance of KPIs and KRI (Key Risk Indicators). So, for example , we might have

    KPI: Percentage of data subject rights requests completed within relevant timeframe
    KRI: Number of data subject rights requests received (as it might indicate issues elsewhere in the business)

    KPI: Percentage of DPIAs reviewed and returned to the originator within x days
    KRI: Number of initiatives which have gone live without a DPIA being initiated or being initiated in unrealistic timeframes

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  9. Asked: April 9, 2021In: GDPR

    Managing CCTV requests

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on April 10, 2021 at 5:47 pm

    I agree with Simon, either model is possible. Personally I am in favour of educating and equipping front line staff to carry this out, with lots of guidance and support.

    I agree with Simon, either model is possible. Personally I am in favour of educating and equipping front line staff to carry this out, with lots of guidance and support.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  10. Asked: March 28, 2021In: GDPR, Privacy Management

    Computer based training for employees

    Andrea

    Andrea

    • 5 Questions
    • 15 Answers
    • 0 Best Answers
    • 13 Points
    View Profile
    Andrea Bronze contributor
    Added an answer on March 29, 2021 at 12:47 pm

    We are looking to move away from our current packages, and to widen out the focus from concentration on the GDPR.

    We are looking to move away from our current packages, and to widen out the focus from concentration on the GDPR.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
1 2

Sidebar

Ask A Question

Trending contributors

Smurf333

Smurf333

  • 11 Answers
Bronze contributor
Dave_Wylie

Dave_Wylie

  • 28 Answers
Bronze contributor
CRodica

CRodica

  • 6 Answers
Rising star contributor
Atis

Atis

  • 4 Answers
Andrea

Andrea

  • 15 Answers
Bronze contributor

Recent questions

  • Anonymous

    Instagram!!

    • 0 Answers
  • Olga

    DPO in EU and UK

    • 0 Answers
  • Smurf333

    DBS scenario with HR retaining excessive information for longer than ...

    • 0 Answers
  • CRodica

    Parties role towards employees data for administrative purposes

    • 0 Answers
  • Donna

    ‘serious harm test’ for health data

    • 0 Answers

Explore

  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Footer

Your privacy

  • Cookie notice
  • Privacy notice

Terms and policy

  • Acceptable Use Policy
  • Terms of Use

© 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.