Skip to main content
Law

All Questions

Ask Question
Tagged with
9 questions
Newest Active Bountied Unanswered
1 vote
1 answer
286 views

What exactly triggers the GDPR Article 14?

Article 14 of the GDPR concerns the requirement for a data controller to inform the data subject when they obtain personal data has been obtained from an entity that is not the data subject: Art. 14 ...
User65535's user avatar
User65535
  • 7,730
10 votes
4 answers
5k views

Is there a way to determine if an email address is personal information?

The GDPR defines personal data as: Personal data is information that relates to an identified or identifiable individual. My understanding is that this means that [email protected] is ...
User65535's user avatar
User65535
  • 7,730
1 vote
1 answer
35 views

Responsabilities on data breaches UK Data Protection Act

Following a question from THIS StackExchange about Data Protection Act application in the UK, there is an aspect about "proactivity" and "responsabilities" that I do not fully ...
Javier Gonzalez Moncayo's user avatar
Javier Gonzalez Moncayo
  • 15
0 votes
1 answer
59 views

Does the UK have a (enforcable) law linked with the Data Protection Act to control document's metadata?

Reading the information on the ICO's website, I came across a few items mentioning how to handle metadata on my organization's workflow like THIS or THIS. I noticed they use expressions like "...
Javier Gonzalez Moncayo's user avatar
Javier Gonzalez Moncayo
  • 15
0 votes
2 answers
55 views

If you recieve others PII as part of the response to a GDPR SAR do you become a data controller?

Say Alice makes a GDPR Subject Access Request of a data controller, and in response receives some of Bob's Personally Identifiable Information, does the Alice then become a data controller with ...
User65535's user avatar
User65535
  • 7,730
10 votes
2 answers
3k views

Can I store the names of arbitrary business associates in my CRM system?

I'm running an agency and I would like to store the names of employees of my client's companies to help me build client relationships. For example, "Gina works on reception." Is this allowed ...
Jordan Regan's user avatar
Jordan Regan
  • 111
1 vote
1 answer
54 views

What references are available for the GDPR legitimate interests balancing test?

A basis for the processing of personally identifiable data (PII) is legitimate interest. According to the UK ICO data controllers who rely on this basis should conduct a legitimate interests ...
Dave's user avatar
Dave
  • 827
1 vote
1 answer
92 views

Does the Data Protection Act 2018 in UK require users of a website to explicitly

Now that Brexit has happened, GDPR no longer takes effect in UK. However, the Data Protection Act 2018 will continue to apply. With GDPR's Article 6, a website is required to request explicit consent ...
Nuno's user avatar
Nuno
  • 1,033
0 votes
1 answer
52 views

What constitutes PII w.r.t. DPA \ EU legislations?

I have the following data items: Name Office Department Parking space number I'm using What is personal data? – A quick reference guide to figure out what out of these items would be regarded as PII....
BanksySan's user avatar
BanksySan
  • 103