Sign Up

What is 5 + 2?

Have an account? Sign In Now

Sign In

What is 5 + 2?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 5 + 2?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 5 + 2?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

d9d9d9

Rising star contributor
0Followers
0Questions
Home/ d9d9d9/Answers
  • About
  • Questions
  • Polls
  • Answers
  1. Asked: April 16, 2022In: GDPR

    Marketing preferences

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on April 25, 2022 at 3:36 pm
    This answer was edited.

    Hi! I'm not an expert for PECR but based on my understanding, you organisation could rely on soft opt-in for both email and phone marketing provided that your organisation: - has an ongoing relationship with the individuals - is the entity that has both obtained the contact details - is sending theRead more

    Hi! I’m not an expert for PECR but based on my understanding, you organisation could rely on soft opt-in for both email and phone marketing provided that your organisation:
    – has an ongoing relationship with the individuals
    – is the entity that has both obtained the contact details
    – is sending the marketing email or calling (not through a third party), and
    – provides an easy way for individuals to opt-out
    Soft opt-in means that you can contact an individual for marketing purposes on an opt-out basis if the listed conditions are fulfilled.
    I hope this helps and maybe someone with more experience can weigh in!

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  2. Asked: March 3, 2022In: GDPR

    Call recordings

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on March 4, 2022 at 3:11 pm

    In regard to the second question, I recommend looking at Guidelines 01/2022 on data subject rights -Right of access. Of particular interest are likely para. 104 and Example 1 in para. 171. In brief, the right to access also applies to the actual call recordings (and the transcripts, if they exist alRead more

    In regard to the second question, I recommend looking at Guidelines 01/2022 on data subject rights -Right of access. Of particular interest are likely para. 104 and Example 1 in para. 171.

    In brief, the right to access also applies to the actual call recordings (and the transcripts, if they exist already). You should however analyse if giving access to this data has a negative impact on the rights and freedoms of the customer service agent.

    In the example the EDPB gives, if the only personal data processed by the CS agent is their voice, it is unlikely to identify said CS agent and it would therefore not negatively affect their own rights. Therefore you may provide the full recording in the DSAR.

    If other personal data by the CS agent is included (e.g. their name) you may consider emitting/censoring those parts.

    I hope this helps!

    (In regard to question #1 – stating the unhelpful obvious – it depends on the purpose you process the personal data for in the first place.)

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  3. Asked: October 4, 2021In: GDPR

    Using SCC’s

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Replied to answer on October 5, 2021 at 2:53 pm
    This answer was edited.

    Hi Caroline! If you're referring to Fly Software Ltd - it is a UK company and therefore a DPA would be enough and no transfer tool should be needed if your company is in the UK, too. As far as I know the jury is still out on how US surveillance laws (e.g. Cloud Act and FISA) impact UK/EU companies wRead more

    Hi Caroline! If you’re referring to Fly Software Ltd – it is a UK company and therefore a DPA would be enough and no transfer tool should be needed if your company is in the UK, too. As far as I know the jury is still out on how US surveillance laws (e.g. Cloud Act and FISA) impact UK/EU companies with US parent companies. Maybe someone else in the community knows more?
    If you decide to play it safe and apply a transfer tool, I can only say that the ICO announced that the old SCCs are still valid for third country transfers. You can find the adapted versions and more info about the post-Brexit context here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/sccs-after-transition-period/

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  4. Asked: October 4, 2021In: GDPR

    Using SCC’s

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on October 4, 2021 at 2:33 pm

    If your data leaves the UK and gets transferred to a third country that doesn't enjoy the luxury of an EU Commision Adequacy decision you have to use a transfer tool, e.g. the new SCCs (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj). Since Schrems II you'll also have to assess the standard of dRead more

    If your data leaves the UK and gets transferred to a third country that doesn’t enjoy the luxury of an EU Commision Adequacy decision you have to use a transfer tool, e.g. the new SCCs (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj). Since Schrems II you’ll also have to assess the standard of data protection of the recipient country (https://edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf and https://edpb.europa.eu/sites/default/files/files/file1/edpb_recommendations_202002_europeanessentialguaranteessurveillance_en.pdf).

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  5. Asked: October 4, 2021In: GDPR

    Using SCC’s

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on October 4, 2021 at 2:32 pm

    Hi! If you're located in the EEA and want to use a processor in the UK you don't have to enter into SCCs since the EU Commission issued an Adequacy decision for transfers to the UK. So, if the data stays in the UK you don't have to take any extra steps to render the data transfer lawful beyond enterRead more

    Hi! If you’re located in the EEA and want to use a processor in the UK you don’t have to enter into SCCs since the EU Commission issued an Adequacy decision for transfers to the UK. So, if the data stays in the UK you don’t have to take any extra steps to render the data transfer lawful beyond entering into a regular Art. 28 GDPR DPA. E.g. you could use the new standard DPA by the EU Commission (https://eur-lex.europa.eu/eli/dec_impl/2021/915/oj).

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  6. Asked: February 11, 2021In: GDPR

    GDPR consultancy concerns/Confusion

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on February 17, 2021 at 9:52 am

    You'll need to enter into a data processing agreement (DPA) with your clients for the processing activities of personal data where you act as a processor, i.e. for the activities that you carry out on behalf of your client. The DPA needs to be in line with Art. 28 GDPR. When you act as a processor fRead more

    You’ll need to enter into a data processing agreement (DPA) with your clients for the processing activities of personal data where you act as a processor, i.e. for the activities that you carry out on behalf of your client. The DPA needs to be in line with Art. 28 GDPR.

    When you act as a processor for a certain processing activity, it does not matter if you or the controller collect the personal data – you are still the processor and carry those activities out as defined in the DPA.

    If you carry out processing activities that are not in line with the DPA and the instructions of the controller (i.e. you decide the means and purposes of the processing), you act as a controller for the data. This may be problematic since you need to comply with obligations for controllers under GDPR.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  7. Asked: February 14, 2021In: Privacy Management

    What browser is from your point of view the most privacy-friendly browser?

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on February 16, 2021 at 12:29 pm

    Here's a great resource for privacy-friendly tools that can serve as a good starting point for beefing up your privacy on the web -> https://privacytools.io/

    Here’s a great resource for privacy-friendly tools that can serve as a good starting point for beefing up your privacy on the web -> https://privacytools.io/

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  8. Asked: February 15, 2021In: GDPR

    Is privacy over rated?

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on February 16, 2021 at 12:20 pm

    I'd say that most people who are aware of the risks care about privacy. IMO being in control of what info is known about me and by whom is crucial. Seeing how much organisations know about people is quite scary. Not only because I don't like that they know so much about me (maybe know me better thanRead more

    I’d say that most people who are aware of the risks care about privacy. IMO being in control of what info is known about me and by whom is crucial. Seeing how much organisations know about people is quite scary. Not only because I don’t like that they know so much about me (maybe know me better than I know myself and can thereby predict my behaviour) but also because mistakes happen.

    Identity theft, exposing sensitive info to hackers following a data breach, or the data may be shared with an organisation that I don’t like the data should be shared with.

    E.g. I don’t want that Facebook has access to all my private messages since I have almost no control over who reads those messages and what happens with them. I therefore use FOSS E2E apps as much as possible.

    See less
    • 2
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  9. Asked: February 15, 2021In: GDPR

    Posting gifts to employees

    d9d9d9

    d9d9d9

    • 0 Questions
    • 9 Answers
    • 0 Best Answers
    • 9 Points
    View Profile
    d9d9d9 Rising star contributor
    Added an answer on February 16, 2021 at 11:28 am

    I'd say that this processing activity can be based on legitimate interest instead of consent. It is in your company's legitimate interest to keep the morale high among the troops. Don't forget to conduct a Legitimate Interest Assessment before to confirm that you can rely on this legal ground and toRead more

    I’d say that this processing activity can be based on legitimate interest instead of consent. It is in your company’s legitimate interest to keep the morale high among the troops.

    Don’t forget to conduct a Legitimate Interest Assessment before to confirm that you can rely on this legal ground and to ensure that you’re taking all the necessary measures to carry this processing out in the best and safest way possible.

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn

Sidebar

Ask A Question

Trending contributors

Smurf333

Smurf333

  • 7 Answers
Rising star contributor
Magnus T

Magnus T

  • 7 Answers
Rising star contributor
CRodica

CRodica

  • 3 Answers
JeremyClarkson

JeremyClarkson

  • 3 Answers
d9d9d9

d9d9d9

  • 9 Answers
Rising star contributor

Recent questions

  • Anonymous

    Automated Decision Making and profiling

    • 1 Answer
  • CRodica

    Distribution list data breach

    • 2 Answers
  • Anonymous

    What is a data processors legal basis for using data ...

    • 1 Answer
  • Alex

    CCTV warning signs

    • 2 Answers
  • Alex

    Cookies consent and contact form consent

    • 0 Answers

Explore

  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Footer

Your privacy

  • Cookie notice
  • Privacy notice

Terms and policy

  • Acceptable Use Policy
  • Terms of Use

© 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.