All Questions
9
questions
1
vote
1
answer
286
views
What exactly triggers the GDPR Article 14?
Article 14 of the GDPR concerns the requirement for a data controller to inform the data subject when they obtain personal data has been obtained from an entity that is not the data subject:
Art. 14 ...
10
votes
4
answers
5k
views
Is there a way to determine if an email address is personal information?
The GDPR defines personal data as:
Personal data is information that relates to an identified or identifiable individual.
My understanding is that this means that [email protected] is ...
1
vote
1
answer
35
views
Responsabilities on data breaches UK Data Protection Act
Following a question from THIS StackExchange about Data Protection Act application in the UK, there is an aspect about "proactivity" and "responsabilities" that I do not fully ...
0
votes
1
answer
59
views
Does the UK have a (enforcable) law linked with the Data Protection Act to control document's metadata?
Reading the information on the ICO's website, I came across a few items mentioning how to handle metadata on my organization's workflow like THIS or THIS.
I noticed they use expressions like "...
0
votes
2
answers
55
views
If you recieve others PII as part of the response to a GDPR SAR do you become a data controller?
Say Alice makes a GDPR Subject Access Request of a data controller, and in response receives some of Bob's Personally Identifiable Information, does the Alice then become a data controller with ...
10
votes
2
answers
3k
views
Can I store the names of arbitrary business associates in my CRM system?
I'm running an agency and I would like to store the names of employees of my client's companies to help me build client relationships.
For example, "Gina works on reception."
Is this allowed ...
1
vote
1
answer
54
views
What references are available for the GDPR legitimate interests balancing test?
A basis for the processing of personally identifiable data (PII) is legitimate interest. According to the UK ICO data controllers who rely on this basis should conduct a legitimate interests ...
1
vote
1
answer
92
views
Does the Data Protection Act 2018 in UK require users of a website to explicitly
Now that Brexit has happened, GDPR no longer takes effect in UK.
However, the Data Protection Act 2018 will continue to apply.
With GDPR's Article 6, a website is required to request explicit consent ...
0
votes
1
answer
52
views
What constitutes PII w.r.t. DPA \ EU legislations?
I have the following data items:
Name
Office
Department
Parking space number
I'm using What is personal data? – A quick
reference guide to figure out what out of these items would be regarded as PII....