Relationship with an Internal Pension Trustee
Dean
Hi Henry,
I did some work with an organisation that offered Pensions services and employee benefits amongst other things.
I know that in the particular organisation, the Trustees were the data controller of the Pensions data, and then the ‘Pension Provider’ (brand) were the Administrators. Then data processing agreements with the organisations that supported the service. Relationship is usually between Trustees and Pension user.
Is there a particular element that people can help with?
Thanks so much,
Dean
Audit of a Data Processor
Dean
I’ve seen a good deal of contracts where data processors use wording like “at Customer cost, Supplier will”.
The GDPR is silent on whether a data processor should be paid for assisting with a data controller’s obligations, and especially in the audit right.
From a data processor’s perspective, it is a commercial discussion, rather than a data protection question. Will they help with audit? Yes. Is it going to cost the controller for the processor’s time? Yes.
You can always try to push back, but I’ve added words like “reasonable” into those clauses and you can even reference a fee model so that costs don’t spiral.
Can payment details be saved to help with purchases in the future?
Dean
It’s common practice for online retailers to ask for permission to retain card details. Consent is not a bad option in terms of a lawful basis. Of course, the security of that information is paramount, and there should be a mechanism for the customer to provide the confirmation number when the card is used, or at least I would recommend that.
Website Compliance Review Template
Dean
Cookie pro
CookieBot
CookieServe
All these give a cookie-related compliance check.
And then https://webbkoll.dataskydd.net gives a very good view of compliance in different areas.
Can ads be reactivated?
Dean
I agree with Andrea. If an ad needs to be ‘reactivated’, that sounds as though someone has opted out. So a follow-up purchase doesn’t override someone’s right to opt out of marketing.
Data center, processor or not
Dean
That’s an interesting question. I might be tempted to look at this from an availability point of view. So if the power in their data centre, which is the service they provide, was unavailable, does that render the personal information on your hardware inaccessible, therefore, is there a risk of a breach of availability of data.
One to think about.
Closing a DSAR
Dean
I would take a pragmatic approach to this. If you are confident that you have provided information that was originally requested, I’d consider the SAR resolved. Any further requests can be submitted in a new SAR.
Cookie solution
Dean
As Rich has said, OneTrust are a good solution.
For cost and ease – there is CookieBot https://www.cookiebot.com/en/ & Osano https://www.osano.com/cookieconsent – Osano is free.
Representative as a service providers?
Dean
It tagged my answer to ‘richie’ – wasn’t sure if that was you, so removed the tag 🙂
Representative as a service providers?
Dean
Hi Rich – could you expand on your question? It sounds as though you’re looking for recommendations on EU reps. Is that the gist?