Sign Up

What is 5 + 2?

Have an account? Sign In Now

Sign In

What is 5 + 2?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 5 + 2?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 5 + 2?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

DP-Pro

Bronze contributor
0Followers
0Questions
Home/ DP-Pro/Answers
  • About
  • Questions
  • Polls
  • Answers
  1. Asked: February 8, 2022In: GDPR

    GDPR Compliance

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on February 9, 2022 at 12:48 pm

    In addition to that, go visit the ICO Accountability & Governance pages: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/ Their new Framework: https://ico.org.uk/for-organisations/accountability-framRead more

    In addition to that, go visit the ICO Accountability & Governance pages: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/

    Their new Framework: https://ico.org.uk/for-organisations/accountability-framework/

    And Tool: https://ico.org.uk/for-organisations/accountability-framework-self-assessment/

    Good luck!

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  2. Asked: February 2, 2022In: GDPR

    Who is the data controller when storing data in a blockchain? (immutable distributed data store)

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on February 9, 2022 at 10:40 am

    There is a lack of consensus as to who is a controller / joint controller, further confounded by what processing is being undertaken on a given dataset at any one time. Blockchains, involve many different players and is unlikely to be an entity (and ergo a controller), in and of itself. You will neeRead more

    There is a lack of consensus as to who is a controller / joint controller, further confounded by what processing is being undertaken on a given dataset at any one time. Blockchains, involve many different players and is unlikely to be an entity (and ergo a controller), in and of itself. You will need to apply the GDPR (and EDPB) definitions of controller to each blockchain you encounter, on a case-by-case basis. You know the familiar phrase – ‘There is no one-size fits all’! As an entity placing said data onto a distributed ledger, you are a (de facto) controller, but do you remain so, given the dilution of your powers?

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  3. Asked: February 2, 2022In: GDPR, Software tips and tricks

    Storing pseudo-anonymized personal data on a blockchain

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on February 9, 2022 at 9:57 am

    It is impossible to state whether blockchains are, as a whole, either completely compliant or non-compliant with the GDPR. Blockchains often seek to achieve decentralisation by replacing a unitary CONTROLLER with many different entities, making the allocation of responsibility and accountability almRead more

    It is impossible to state whether blockchains are, as a whole, either completely compliant or non-compliant with the GDPR. Blockchains often seek to achieve decentralisation by replacing a unitary CONTROLLER with many different entities, making the allocation of responsibility and accountability almost impossible. Additionally, exercisable rights are confounded by blockchains in order to preserve so-called data integrity and trust in the technology. That said, it may be possible for private and discrete permissioned blockchains to comply with GDPR requirements but the compatibility of these technologies and the GDPR can only ever be assessed on a case-by-case basis.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  4. Asked: January 17, 2022In: GDPR

    Cold Prospecting

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on February 9, 2022 at 9:44 am

    Much of this will depend on what you mean by 'cold contacting'. Whether you mean you are randomly marketing to citizens/member of the public (who have no expectation of the potential approach) or (say) attendees at an event (who may reasonably expect to be approached by organisations connected to orRead more

    Much of this will depend on what you mean by ‘cold contacting’. Whether you mean you are randomly marketing to citizens/member of the public (who have no expectation of the potential approach) or (say) attendees at an event (who may reasonably expect to be approached by organisations connected to or present at the event). There are no relevant exemptions within the GDPR, but CONSENT will be required when using a list acquired from a 3rd part (eg event organiser)

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  5. Asked: January 18, 2022In: GDPR, Privacy Management

    Documenting the legal basis for personal information given orally for customer support

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on February 9, 2022 at 9:35 am

    Ideally we'd need a bit more information about the process to be able to give an informed answer but what you are describing is the fuzzy margin between CONSENT and EXPLICIT CONSENT. Simply by providing contact details could constitute consent, but it is not clear whether this was FREELY GIVEN. FurtRead more

    Ideally we’d need a bit more information about the process to be able to give an informed answer but what you are describing is the fuzzy margin between CONSENT and EXPLICIT CONSENT. Simply by providing contact details could constitute consent, but it is not clear whether this was FREELY GIVEN. Furthermore, without providing any contextual dialogue at the time the details were obtained it is unlikely that the provision of these details was SPECIFIC or INFORMED, meaning that any assumed CONSENT will be invalid. If the details were necessary for a product or service, then CONTRACT might be the more appropriate lawful basis. I tend to regard LEGITIMATE INTERESTS as the last option, because it is so wide and vague in its application, but there are options and the choice is yours..

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  6. Asked: December 3, 2021In: GDPR

    credit card number handling – bank

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on December 21, 2021 at 10:06 am

    Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is aRead more

    Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is a broad list of attributes and a recent case in Germany established that vehicle chassis numbers (VIN) may also be regarded as personal data, so be cautions and treat all financial data as special category and you cant go too far wrong. The ICO will applaud the additional risk measures you will implement and customers will appreciate the additional protections you give to their data.

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  7. Asked: December 15, 2021In: GDPR, Privacy Management

    Job applications and Consent

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on December 21, 2021 at 10:01 am

    Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provisionRead more

    Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provision of a CV/Application etc. being a requirement / condition of entering into an contract of employment).

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  8. Asked: October 20, 2021In: GDPR

    Subject Access Request / Link to other processes

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on December 1, 2021 at 10:25 am

    DSARs never come in on a good day but, regardless of the history or cause, there is no power or right that a controller can exert over a requestor to withdraw a DSAR.

    DSARs never come in on a good day but, regardless of the history or cause, there is no power or right that a controller can exert over a requestor to withdraw a DSAR.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  9. Asked: November 15, 2021In: GDPR

    Closing a DSAR

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on December 1, 2021 at 10:16 am

    In a DSAR, only information. minutes etc relating to and/or about the requestor is within scope of Art.15 Anything else would need to be disclosed under the FoIA (subject to exemptions) if you are a public body or your general disclosure regime if not. If you hold no further information, say so andRead more

    In a DSAR, only information. minutes etc relating to and/or about the requestor is within scope of Art.15 Anything else would need to be disclosed under the FoIA (subject to exemptions) if you are a public body or your general disclosure regime if not. If you hold no further information, say so and offer the requestor the ICO complaint route and their right to legal redress.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  10. Asked: November 23, 2021In: GDPR

    Confused – ‘data definitions and calculations’ – must be provided prior to contract?

    DP-Pro

    DP-Pro

    • 0 Questions
    • 14 Answers
    • 0 Best Answers
    • 14 Points
    View Profile
    DP-Pro Bronze contributor
    Added an answer on December 1, 2021 at 10:05 am

    Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensionRead more

    Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensions and metrics..

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
1 2

Sidebar

Ask A Question

Trending contributors

Smurf333

Smurf333

  • 7 Answers
Rising star contributor
Magnus T

Magnus T

  • 7 Answers
Rising star contributor
CRodica

CRodica

  • 3 Answers
JeremyClarkson

JeremyClarkson

  • 3 Answers
d9d9d9

d9d9d9

  • 9 Answers
Rising star contributor

Recent questions

  • Anonymous

    Automated Decision Making and profiling

    • 1 Answer
  • CRodica

    Distribution list data breach

    • 2 Answers
  • Anonymous

    What is a data processors legal basis for using data ...

    • 1 Answer
  • Alex

    CCTV warning signs

    • 2 Answers
  • Alex

    Cookies consent and contact form consent

    • 0 Answers

Explore

  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Footer

Your privacy

  • Cookie notice
  • Privacy notice

Terms and policy

  • Acceptable Use Policy
  • Terms of Use

© 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.