%3C%21--+this+is+a+work+in+progress+made+possible+by+a+grant+from+the+Ewing+Marion+Kauffman+Foundation+in+cooperation+with+the+LTL+Network--%3E%0D%0A%0D%0A%3C%21--+note%3A+bubble+hex+value%3D0F3D5B+--%3E%0D%0A%0D%0AQ%28LETTER_WIP%29%3A+This+is+the+GDPR+letter+generation+tool.%3Cbr%3E%3Cbr%3E+It+is+a+work-in-progress%2C+so+not+all+answer+fields+will+be+populated%2C+and+there+may+be+some+broken+fields.%0D%0AA%3A+I+understand.%0D%0A%09Q%3A+Great.++Thanks+for+giving+it+a+spin%21+If+you+find+any+errors+or+broken+parts%2C+please+%3Ca+href%3D%22mailto%3Ablip%40brooklaw.edu%3Fsubject%3DGDPR%2520QnA%2520Feedback%2520UID20180525%22%3Esend+us+a+note%3C%2Fa%3E.+Thanks%21%0D%0A%09A%3AOkay%21++We+will%21%0D%0A%09%09Q%3AThanks.++You%27re+the+best%21GOTO%3ALETTER_START%0D%0A%09%09%0D%0AQ%28LETTER_START%29%3A+We%27re+going+to+ask+you+several+questions+to+help+identify+potential+risk+areas+for+you+to+speak+about+with+your+attorney.%0D%0AA%3A+Got+it.%0D%0A%09Q%3A+At+the+end%2C+we%27ll+draft+a+letter+for+you+to+send+to+your+attorney+to+help+identify+areas+of+potential+GDPR+Compliance+risk.%0D%0A%09A%3A+Got+it.%0D%0A%09%09Q%3AGOTO%3ALETTER_DISCLAIMER%0D%0A%0D%0AQ%28LETTER_DISCLAIMER%29%3A+We%27re+about+to+get+to+the+good+part.+%3Cbr%3E%3Cbr%3E+But%2C+before+we+do%2C+we+need+to+go+over+a+few+things+with+you.%0D%0AA%3A+Okay%2C+I%27m+ready.%0D%0A%09Q%3A+This+is+the+companion+piece+to+the+%3Cb%3EBLIP+LTL+GDPR+Learning+Tool%3C%2Fb%3E.++If+you+haven%27t+already%2C+you+should+check+out+that+tool+by+%3Ca+href%3D%22https%3A%2F%2Fpotkewitz.github.io%2FQnA%2FGDPR_Learner.html%22+target%3D%22_blank%22%3E+clicking+here%3C%2Fa%3E.%0D%0A%09A%3A+Wow.++Okay.++Thanks.++I+haven%27t+been+there+yet+and+will+go+right+now%21%0D%0A%09%09Q%3A+Great.GOTO%3AENDRUN%0D%0A%09A%3A+Why+should+I+check+out+that+tool%3F%0D%0A%09%09Q%3A+The+tool+has+%3Ci%3Ea+lot%3C%2Fi%3E+of+useful+information+about+the+GDPR+and+how+it+could+affect+you+and+your+business.++If+you%27re+unfamiliar+with+the+GDPR%2C+it%27s+%3Ca+href%3D%22https%3A%2F%2Fpotkewitz.github.io%2FQnA%2FGDPR_Learner.html%22+target%3D%22_blank%22%3Ea+good+place+to+start%3C%2Fa%3E.%0D%0A%09%09A%3A+Okay.++I%27ll+check+it+out.%0D%0A%09%09%09Q%3AGOTO%3AENDRUN%0D%0A%09%09A%3A+Meh.++Not+for+me.++I%27d+like+to+stick+with+this.%0D%0A%09%09%09Q%3A+You+really+should+%3Ca+href%3D%22https%3A%2F%2Fpotkewitz.github.io%2FGDPR_Learner.html%22+target%3D%22_blank%22%3Echeck+it+out.%3C%2Fa%3E%0D%0A%09%09%09A%3A+Okay.++You%27ve+convinced+me.%0D%0A%09%09%09%09Q%3AGOTO%3AENDRUN%0D%0A%09%09%09A%3A+I+would+really+rather+not.++I%27m+already+%3Ci%3Ehere%3C%2Fi%3E+and+would+like+to+move+on.%0D%0A%09%09%09%09Q%3AIf+you+insist.GOTO%3AREAL_DISCLAIMER%0D%0A%09A%3A+I+have+already+been+through+the+learning+tool.+That%27s+how+I+got+here%21%0D%0A%09%09Q%3A+Oh%2C+okay.++So+you%27re+not+new+at+this.++Great%21GOTO%3AREAL_DISCLAIMER%0D%0A%09A%3A+I+don%27t+care+about+that+other+thing.++I+wanna+keep+checking+this+out%21%0D%0A%09%09Q%3A+You+really+should+check+that+site+out+first%2C+but+if+you+insist.GOTO%3AREAL_DISCLAIMER%0D%0A%0D%0AQ%28REAL_DISCLAIMER%29%3A+Before+we+go+any+further%2C+we+need+to+go+over+some+legal+business.%0D%0AA%3A+Oh.++Figures.++Let%27s+do+it%21%0D%0A%09Q%3AOkay.++This+tool+shall+not+be+construed+as+legal+advice+of+any+kind.++If+you+have+any+legal+questions+or+concerns%2C+you+should+contact+an+attorney.%0D%0A%09A%3A+I+understand+that+this+is+not+legal+advice.%0D%0A%09%09Q%3A+Terrific.++In+addition%2C+we+are+not+entering+into+an+agreement+to+represent+you%2C+and+nothing+in+this+tool+should+be+understood+as+an+offer+to+enter+into+an+attorney%2Fclient+relationship+with+you.%0D%0A%09%09A%3A+Okay.++I+also+understand+that+we+are+not+entering+into+an+attorney%2Fclient+relationship.%0D%0A%09%09%09Q%3A+This+tool+is+meant+to+help+you+learn+a+bit+about+the+GDPR+and+identify+some+areas+about+which+you+should+speak+with+an+attorney.%0D%0A%09%09%09A%3A+I+think+it%27s+great+that+this+is+only+a+learning+tool.%0D%0A%09%09%09%09Q%3A+And%2C+finally%2C+if+you+have+%3Ci%3Eany%3C%2Fi%3E+legal+questions%2C+you+should+speak+with+an+attorney.%0D%0A%09%09%09%09A%3A+Of+course+I%27ll+speak+with+an+attorney+if+I+have+any+legal+questions.%0D%0A%09%09%09%09%09Q%3A+Terrific.++Let%27s+get+started.GOTO%3APURGATORY%0D%0A%0D%0AQ%28PURGATORY%29%3A+Alright.++We+are+going+to+ask+you+some+information+about+you+and+your+business+soon.++But%2C+do+you+have+any+questions+for+us+before+we+begin%3F%0D%0AA%3A+Yes%0D%0A%09Q%28ROUND1%29%3A+What+would+you+like+to+know%3F%0D%0A%09A%3A+What+sort+of+questions+will+you+be+asking%3F%0D%0A%09%09Q%3A+We+will+ask+for+some+basic+biographical+information%2C+such+as+your+name%2C+the+name+of+your+business%2C+if+you+have+a+lawyer+and+the+name+of+that+lawyer.%0D%0A%09%09A%3A+Why+do+you+need+this+information%3F%0D%0A%09%09%09Q%3A+At+the+end+of+this%2C+together+we%27ll+have+drafted+an+email+outlining+some+areas+you+should+probably+discuss+with+your+lawyer.%0D%0A%09%09%09A%3A+What+do+you+do+with+that+information%3F%0D%0A%09%09%09%09Q%3A+We+only+use+it+to+populate+the+email.++%3Cbr%3E%3Cbr%3EWe+provide+you+with+pseudonyms+you+can+use+if+you%27d+rather+fill+that+info+in+youself.%0D%0A%09%09%09%09A%3A+Okay.++I+have+more+questions.%0D%0A%09%09%09%09%09Q%3AGOTO%3AROUND1%0D%0A%09A%3A+This+format+is+really+cool%21++What+is+it%3F%0D%0A%09%09Q%3A+Thanks+for+noticing%21++This+was+built+using+a+markup+language+called+QnA+built+by+%3Ca+href%3D%22http%3A%2F%2Fwww.davidcolarusso.com%2Fattorney%2F%22+target%3D%22_blank%22%3EDavid+Colarusso%3C%2Fa%3E.++%3Cbr%3E%3Cbr%3EYou+can+build+your+own+interactive+QnA+by+visiting+the+%3Ca+href%3D%22http%3A%2F%2Fwww.qnamarkup.org%2F%22+target%3D%22_blank%22%3EQnA+Markup+Editor+%28still+in+beta%29%3C%2Fa%3E.%0D%0A%09%09A%3A+Thanks.++I+have+more+questions.%0D%0A%09%09%09Q%3AGOTO%3AROUND1%0D%0A%09%09A%3A+Gotcha.++That+covers+it.++I%27m+ready+to+get+down+to+business%21%0D%0A%09%09%09Q%3AGOTO%3AUSER_NAME%0D%0AA%3A+No.%0D%0A%09Q%3A+Are+you+sure%3F%0D%0A%09A%3A+Yes%2C+I%27m+sure.%0D%0A%09%09Q%3AGOTO%3AUSER_NAME%0D%0A%09A%3A+No.++Actually+I+have+some+questions.%0D%0A%09%09Q%3AGOTO%3AROUND1%0D%0A%0D%0A%0D%0AQ%28USER_NAME%29%3A+What%27s+your+full+name%3F%0D%0AX%3A%0D%0A%09Q%3AGOTO%3ABIZ_NAME%0D%0AA%3A+Alex%0D%0A%09Q%3AGOTO%3ABIZ_NAME%0D%0A%0D%0AQ%28BIZ_NAME%29%3A+What%27s+your+business+called%3F%0D%0AX%3A%0D%0A%09Q%3AGOTO%3AGC_YorN%0D%0AA%3A+Acme+Anvils%2C+Inc.%0D%0A%09Q%3AGOTO%3AGC_YorN%0D%0A%0D%0AQ%28GC_YorN%29%3ADoes+your+business+have+a+general+counsel%2C+or+do+you+work+with+a+lawyer%3F%0D%0AA%3A+Yes.%0D%0A%09Q%28LAWYER_FIRST%29%3A+What%27s+your+lawyer%27s+first+name%3F%0D%0A%09X%3A%0D%0A%09%09DOC%3A+Dear+%3Cx%3ELAWYER_FIRST%3C%2Fx%3E%2C%3Cbr%3E%3Cbr%3E%0D%0A%09%09Q%3AGOTO%3APD6%0D%0A%09A%3A+Pat%0D%0A%09%09DOC%3A+Dear+%3Cx%3ELAWYER_FIRST%3C%2Fx%3E%2C%3Cbr%3E%3Cbr%3E%0D%0A%09%09Q%3AGOTO%3APD6%0D%0AA%3ANo.++We+don%27t+have+a+lawyer+yet.%0D%0A%09DOC%3A+Dear+FUTURE+LAWYER%2C%3Cbr%3E%3Cbr%3E%0D%0A%09Q%3AGOTO%3APD6%0D%0A%0D%0AQ%28PD6%29%3AOkay%2C+that%27s+the+end+of+the+optional+personal+questions.++From+here+on+out%2C+you%27ll+need+to+answer+these+questions+in+order+for+us+to+get+you+accurate+answers+for+the+letter+to+work.%0D%0AA%3A+Okay.%0D%0A%09Q%3AGOTO%3AJX%0D%0AA%3A+Why+do+you+need+this+information%3F%0D%0A%09Q%3A+In+order+to+assess+your+potential+GDPR+compliance+risks%2C+we+will+need+some+information+about+your+business.%0D%0A%09A%3A+Okay.%0D%0A%09%09Q%3AGOTO%3AJX%0D%0A%0D%0AQ%28JX%29%3A+The+GDPR+applies+to+a+company+or+entity+that+processes+personal+data+as+part+of+its+activities+of+one+of+its+branches+established+in+the+EU+%3Cbr%3E%3Cbr%3EOR%3Cbr%3E%3Cbr%3EA+Company+established+outside+the+EU+offering+goods%2Fservices+%28paid+or+free%29+or+monitoring+the+behavior+of+individuals+in+the+EU.%0D%0AA%3A+Okay.++I+think+I+see+what%27s+coming.%0D%0A%09Q%28DO_The_DEW%29%3A+So%2C+do+you+think+this+applies+to+you%3F++Do+you+store%2Fprocess+personal+data+of+people+in+the+EU+as+part+of+your+activities+or+do+you+offer+services+to+individuals+in+the+EU+and+monitor+their+behavior%3F%0D%0A%09A%3A+Yes.%0D%0A%09%09Q%3AGOTO%3AJX_1_or_2%0D%0A%09A%3A+No.++Absolutely+not.%0D%0A%09%09Q%3A+Are+you+sure%3F%0D%0A%09%09A%3A+I+am+absolutely+sure.%0D%0A%09%09%09Q%3A+Well%2C+then+it+sounds+like+you+might+not+need+to+worry+too+much+about+the+GDPR%2C+BUT+%3Cb%3E+you+should+speak+with+your+attorney+to+make+sure.%3C%2Fb%3E.++You+may+also+want+to+check+out+our+%3Ca+href%3D%22https%3A%2F%2Fpotkewitz.github.io%2FGDPR_Learner.html%22+target%3D%22_blank%22%3EGDPR+Learning+Tool%3C%2Fa%3E.GOTO%3AENDRUN%0D%0A%09A%3A+I%27m+not+sure.%0D%0A%09%09Q%3A+Okay.++If+you%27re+not+sure%2C+let%27s+just+assume+that+you+might+in+order+to+play+it+safe.++You+%0D%0A%09%09A%3A+That+sounds+good.%0D%0A%09%09%09DOC%3A++We+are+not+sure+whether+we+process+personal+data+on+individuals+in+the+EU.++Nonetheless%2C+we+would+like+to+discuss+the+General+Data+Protection+Regulation+%28GDPR%29%2C+and+how+the+rule+may+affect+our+business.+In+order+to+direct+our+conversation%2C+we+have+compiled+a+list+of+information+we+can+discuss+to+help+determine+our+compliance+risk.%0D%0A%09%09%09Q%3AGOTO%3AJX_1_or_2%0D%0A%09%09%09%09%0D%0AQ%28JX_1_or_2%29%3A+Okay.+So+which+do+you+think+describes+you+best%3F%0D%0AA%3A+We+process+personal+data+as+a+part+of+activities+and+have+a+branch+in+the+EU.%0D%0A%09DOC%3A++Since+we+have+a+branch+in+the+EU+and+process+personal+data+as+part+of+our+activities%2C+we+believe+we+may+be+subject+to+the+GDPR.%0D%0A%09Q%3AGOTO%3ADATA_TYPE1%0D%0AA%3A+We+are+established+outside+the+EU+but+offer+goods%2Fservices+%28paid+or+free%29+to+individuals+in+the+EU+or+monitor+the+behavior+of+individuals+in+the+EU.%0D%0A%09Q%3A+Which+is+it%3F%0D%0A%09A%3A+We+are+established+outside+the+EU+and+offer+goods%2Fservices+%28paid+or+for+free%29+to+individuals+in+the+EU.%0D%0A%09%09DOC%3A+Though+we+are+established+outside+the+EU%2C+we+offer+goods%2Fservices+to+individuals+in+the+EU.%0D%0A%09%09Q%3AGOTO%3ADATA_TYPE1%0D%0A%09A%3A+We+are+established+outside+the+EU+and+monitor+the+behavior+of+individuals+in+the+EU.%0D%0A%09%09DOC%3A+Though+we+are+established+outside+the+EU%2C+monitor+individuals+in+the+EU.%0D%0A%09%09Q%3AGOTO%3ADATA_TYPE1%0D%0A%09A%3A+Sorta+both.%0D%0A%09%09DOC%3A+Though+we+are+established+outside+the+EU%2C+we+offer+goods%2Fservices+to+individuals+in+the+EU+and+monitor+behavior+of+individuals+in+the+EU.%0D%0A%09%09Q%3AGOTO%3ADATA_TYPE1%0D%0AA%3A+All+of+the+above.%0D%0A%09DOC%3A+We+have+a+branch+in+the+EU%2C+and+we+offer+goods%2Fservices+to+individuals+in+the+EU+and+monitor+behavior+of+individuals+in+the+EU.%0D%0A%09Q%3AGOTO%3ADATA_TYPE1%0D%0A%0D%0AQ%28DATA_TYPE1%29%3A+What+sort+of+data+do+you+process%3F%0D%0AA%3A+We+don%27t+really+process+data.%0D%0A%09Q%3AHmmm....+You+may+not+process+it+yourself%2C+but+do+you+store+it+and+determine+the+purposes+for+which+and+the+means+by+which+the+personal+data+is+processed%3F%0D%0A%09A%3A+Yes%2C+we+do.%0D%0A%09%09DOC%3A+We+may+be+a+data+controller+and+therefore+subject+to+the+GDPR.%0D%0A%09%09Q%3AGOTO%3ASIZE_MATTERS%0D%0A%09A%3A+No%2C+we+do+none+of+that.%0D%0A%09%09DOC%3A+GDPR+may+not+apply+to+us.++However%2C+we+would+like+to+speak+with+you+to+be+sure.%0D%0A%09%09Q%3AGOTO%3ASIZE_MATTERS%0D%0A%09A%3A+I%27m+not+sure.%0D%0A%09%09DOC%3A+It%27s+unclear+to+us+whether+we+process+or+control+data+for+purpose+of+the+GDPR+and+would+like+to+make+sure.%0D%0A%09%09Q%3AGOTO%3ASIZE_MATTERS%0D%0AA%3A+We+process+sensitive+data+such+as+financial+records%2C+medical+records%2C+or+criminal+records.%0D%0A%09DOC%3A+In+addition%2C+we+process+sensitive+data%2C+so+we+think+we+may+need+to+keep+records+of+processing+activities+and%2For+appoint+a+Data+Protection+Officer+%28DPO%29.%0D%0A%09Q%3AGOTO%3ASIZE_MATTERS%0D%0AA%3A+We+process+generic%2C+pseudonymized+or+anonymized+aggregate+data.%0D%0A%09DOC%3A++However%2C+we+generally+process+generic%2C+psuedonymized+or+anonymized+aggregate+data.%0D%0A%09Q%3AGOTO%3ASIZE_MATTERS%0D%0AA%3A+We+process+a+mix+of+sensitive+and+non-sensitive+data.%0D%0A%09DOC%3A+Unfortunately%2C+we+process+a+mix+of+sensitive+and+non-sensitive+data.%0D%0A%09Q%3AGOTO%3ASIZE_MATTERS%0D%0A%0D%0AQ%28SIZE_MATTERS%29%3AThe+GDPR+applies+to+companies+not+based+on+their+size%2C+but+rather+on+their+activities.++However%2C+there+are+some+requirements+that+relate+to+firm+size.%3Cbr%3E%3Cbr%3EHow+large+is+your+firm%3F%0D%0AA%3A+We+have+fewer+than+250+employees.%0D%0A%09DOC%3A+%3Cbr%3E%3Cbr%3ESince+we+have+fewer+than+250+employees%2C+we+understand+that+we+may+not+be+required+to+keep+records+of+processing+activities+unless+the+processing+of+personal+data+is+a+regular+activity%2C+poses+a+threat+to+individuals%27+rights+and+freedoms%2C+or+concerns+sensitive+data+or+criminal+records.++From+what+we+have+seen+DPO+must+inform+an+advise+us+and+our+employees+of+our+obligations+under+data+protection+law%2C+monitor+compliance+with+all+legislation+in+relation+to+data+protection%2C+including+audits%2C+awareness-raising+activities%2C+as+well+as+training+staff+and+involved+in+processing+operations%2C+provide+advice+when+a+Data+Protection+Impact+Assessment+has+been+carried+out+and+monitor+its+performance.++In+addition%2C+a+DPO+must+act+as+a+contact+point+for+for+Data+Protection+Agencies+on+issues+relating+to+processing.+If+we+are+required+to+appoint+a+DPO%2C+we+will+need+to+do+so+in+a+timely+manner%2C+so+we+could+use+your+guidance+in+deterring+whether+a+DPO+is+necessary.%0D%0A%09Q%3AGOTO%3ADPIA%0D%0AA%3A+We+have+250+employees+or+more%0D%0A%09DOC%3A+%3Cbr%3E%3Cbr%3ESince+we+have+more+than+250+employees%2C+we+understand+that+we+may+be+required+to+keep+records+of+processing+activities+and+appoint+a+Data+Protection+Office+%28DPO%29.++From+what+we+understand%2C+a+DPO+must+inform+an+advise+us+and+our+employees+of+our+obligations+under+data+protection+law%2C+monitor+compliance+with+all+legislation+in+relation+to+data+protection%2C+including+audits%2C+awareness-raising+activities%2C+as+well+as+training+staff+and+involved+in+processing+operations%2C+provide+advice+when+a+Data+Protection+Impact+Assessment+has+been+carried+out+and+monitor+its+performance.++In+addition%2C+a+DPO+must+act+as+a+contact+point+for+for+Data+Protection+Agencies+on+issues+relating+to+processing.+If+we+are+required+to+appoint+a+DPO%2C+we+will+need+to+do+so+in+a+timely+manner%2C+so+we+could+use+your+guidance+in+deterring+whether+a+DPO+is+necessary.%0D%0A%09Q%3AGOTO%3ADPIA%0D%0A%0D%0AQ%28DPIA%29%3ADo+you+either+perform+systematic+and+exhaustive+evaluations+of+the+personal+aspects+of+an+individual%2C+including+profile%3B+process+sensitive+data+on+a+large+scale%3B+or%2C+systematically+monitor+public+areas+on+a+large+scale%3F%0D%0AA%3A+Yes.%0D%0A%09Q%3A+Which+one%3F%0D%0A%09A%3A+We+perform+systematic+and+extensive+evaluations+of+the+personal+aspects+of+an+individual+including+profiling.%0D%0A%09%09DOC%3A+%3Cbr%3E%3Cbr%3E+Since+we+perform+systematic+and+extensive+evaluations+of+the+personal+aspects+of+an+individual+including+profiling%2C+we+might+need+to+perform+a+Data+Protection+Impact+Assessment.%0D%0A%09%09Q%3AGOTO%3AHEAD1%0D%0A%09A%3A+We+process+sensitive+data+on+a+large+scale.%0D%0A%09%09DOC%3A+%3Cbr%3E%3Cbr%3E+Since+we+process+sensitive+data+on+a+large+scale%2C+we+might+need+to+perform+a+Data+Protection+Impact+Assessment.%0D%0A%09%09Q%3AGOTO%3AHEAD1%09%0D%0A%09A%3A+We+systematically+monitor+public+areas+on+a+large+scale.%0D%0A%09%09DOC%3A+%3Cbr%3E%3Cbr%3E+Because+we+systematically+monitor+public+areas+on+a+large+scale%2C+we+may+need+to+perform+a+Data+Protection+Impact+Assessment.%0D%0A%09%09Q%3AGOTO%3AHEAD1%0D%0A%09A%3A+Some+combination+of+the+things+listed+above.%0D%0A%09%09DOC%3A+Because+of+the+nature+of+our+data+processing+activities%2C+we+may+need+to+perform+a+Data+Protection+Impact+Assessment.%0D%0A%09%09Q%3AGOTO%3AHEAD1%0D%0AA%3A+No.%0D%0A%09Q%3AGOTO%3AHEAD1%0D%0A%0D%0AQ%28HEAD1%29%3A+We%27re+almost+done%21%0D%0AA%3AOkay%21%0D%0A%09DOC%28%29%3A+%3Cbr%3E%3Cbr%3EWe+look+forward+to+speaking+with+you+about+our+next+steps+in+working+toward+GDPR+compliance.++%3Cbr%3E%3Cbr%3EIn+order+to+ensure+we+are+prepared+for+our+discussion%2C+we+have+consulted+the+%3Ca+href%3D%22https%3A%2F%2Fwww.brooklaw.edu%2Facademics%2Fclinicalprogram%2Fblip%2Faboutblip%3F%22+target%3D%22_blank%22%3EBLIP+LTL+GDPR+Learning+Tool%3C%2Fa%3E%2C+to+learn+more+about+the+GDPR+and+its+impact+on+our+business.%3Cbr%3E%3Cbr%3EWarm+Regards%2C%3Cbr%3E%3Cx%3EUSER_NAME%3C%2Fx%3E%3Cbr%3E%3Ci%3E%3Cx%3EBIZ_NAME%3C%2Fx%3E%3C%2Fi%3E%0D%0A%09Q%3AGOTO%3Areadyquery%0D%0A%0D%0AQ%28readyquery%29%3A+Are+you+ready+to+see+your+talking+points%3F%0D%0AA%5Bjavascript%3Asubmit2%28%27http%3A%2F%2Fwww.qnamarkup.org%2Fdoc%2Fparse%2Fhtml%2F%27%2C+%27POST%27%2C+%27t%27%2C+%27GDPR+Talking+Points%27%29%5D%3A+Yes%2C+as+text+on+a+web-based+editor.%0D%0A%09Q%3A+Thanks%21++And+good+luck%21%0D%0AA%5Bjavascript%3Asave2%28%27GDPR_Talking_Points_Markdown.txt%27%2Cdoc%28%29%29%3B%5D%3A+As+a+file+I+can+save+%28best+for+pasting+into+a+markdown+editor%29.%0D%0A%09Q%3A+Thanks%21++And+good+luck%21%0D%0AA%5Bjavascript%3Amail2%28%27the+email+of+your+lawyer%27%2C%27GDPR+Questions%27%2Cdoc%28%29%29%5D%3A+As+an+email.%0D%0A%09Q%3A+Thanks%21++And+good+luck%21++%3Cbr%3E%3Cbr%3E+If+you+have+further+questions%2C+you+can+can+request+service+from+%3Ca+href%3D%22https%3A%2F%2Fapplications.brooklaw.edu%2Fblip%2FPages%2FBLIPIntakeForm.aspx%22+target%3D%22_blank%22%3EBLIP%3C%2Fa%3E.%0D%0A%0D%0AQ%28FIXME%29%3A+This+isn%27t+built+yet.++Sorry.GOTO%3AENDRUN%0D%0A%0D%0AQ%28ENDRUN%29%3A+Thanks+for+stopping+by%21%0D%0A%0D%0A%0D%0A%3C%21--Copyright+%28c%29+2018+Mark+Potkewitz--%3E%0D%0A%3C%21--This+is+available+under+the+MIT+License--%3E
This is the GDPR letter generation tool.
It is a work-in-progress, so not all answer fields will be populated, and there may be some broken fields.
Great. Thanks for giving it a spin! If you find any errors or broken parts, please
send us a note. Thanks!
Thanks. You're the best!GOTO:2
We're going to ask you several questions to help identify potential risk areas for you to speak about with your attorney.
At the end, we'll draft a letter for you to send to your attorney to help identify areas of potential GDPR Compliance risk.
GOTO:3
We're about to get to the good part.
But, before we do, we need to go over a few things with you.
This is the companion piece to the
BLIP LTL GDPR Learning Tool. If you haven't already, you should check out that tool by
clicking here.
Great.GOTO:18
The tool has
a lot of useful information about the GDPR and how it could affect you and your business. If you're unfamiliar with the GDPR, it's
a good place to start.
GOTO:18
GOTO:18
If you insist.GOTO:4
Oh, okay. So you're not new at this. Great!GOTO:4
You really should check that site out first, but if you insist.GOTO:4
Before we go any further, we need to go over some legal business.
Okay. This tool shall not be construed as legal advice of any kind. If you have any legal questions or concerns, you should contact an attorney.
Terrific. In addition, we are not entering into an agreement to represent you, and nothing in this tool should be understood as an offer to enter into an attorney/client relationship with you.
This tool is meant to help you learn a bit about the GDPR and identify some areas about which you should speak with an attorney.
And, finally, if you have any legal questions, you should speak with an attorney.
Terrific. Let's get started.GOTO:5
Alright. We are going to ask you some information about you and your business soon. But, do you have any questions for us before we begin?
What would you like to know?
We will ask for some basic biographical information, such as your name, the name of your business, if you have a lawyer and the name of that lawyer.
At the end of this, together we'll have drafted an email outlining some areas you should probably discuss with your lawyer.
We only use it to populate the email.
We provide you with pseudonyms you can use if you'd rather fill that info in youself.
GOTO:5.1
GOTO:5.1
GOTO:6
Are you sure?
GOTO:6
GOTO:5.1
What's your full name?
GOTO:7
GOTO:7
What's your business called?
GOTO:8
GOTO:8
Does your business have a general counsel, or do you work with a lawyer?
What's your lawyer's first name?
Dear LAWYER_FIRST,
GOTO:9
Dear LAWYER_FIRST,
GOTO:9
Dear FUTURE LAWYER,
GOTO:9
Okay, that's the end of the optional personal questions. From here on out, you'll need to answer these questions in order for us to get you accurate answers for the letter to work.
GOTO:10
In order to assess your potential GDPR compliance risks, we will need some information about your business.
GOTO:10
The GDPR applies to a company or entity that processes personal data as part of its activities of one of its branches established in the EU
OR
A Company established outside the EU offering goods/services (paid or free) or monitoring the behavior of individuals in the EU.
So, do you think this applies to you? Do you store/process personal data of people in the EU as part of your activities or do you offer services to individuals in the EU and monitor their behavior?
GOTO:11
Are you sure?
Well, then it sounds like you might not need to worry too much about the GDPR, BUT
you should speak with your attorney to make sure.. You may also want to check out our
GDPR Learning Tool.GOTO:18
Okay. If you're not sure, let's just assume that you might in order to play it safe. You
We are not sure whether we process personal data on individuals in the EU. Nonetheless, we would like to discuss the General Data Protection Regulation (GDPR), and how the rule may affect our business. In order to direct our conversation, we have compiled a list of information we can discuss to help determine our compliance risk.
GOTO:11
Okay. So which do you think describes you best?
Since we have a branch in the EU and process personal data as part of our activities, we believe we may be subject to the GDPR.
GOTO:12
Which is it?
Though we are established outside the EU, we offer goods/services to individuals in the EU.
GOTO:12
Though we are established outside the EU, monitor individuals in the EU.
GOTO:12
Though we are established outside the EU, we offer goods/services to individuals in the EU and monitor behavior of individuals in the EU.
GOTO:12
We have a branch in the EU, and we offer goods/services to individuals in the EU and monitor behavior of individuals in the EU.
GOTO:12
What sort of data do you process?
Hmmm.... You may not process it yourself, but do you store it and determine the purposes for which and the means by which the personal data is processed?
We may be a data controller and therefore subject to the GDPR.
GOTO:13
GDPR may not apply to us. However, we would like to speak with you to be sure.
GOTO:13
It's unclear to us whether we process or control data for purpose of the GDPR and would like to make sure.
GOTO:13
In addition, we process sensitive data, so we think we may need to keep records of processing activities and/or appoint a Data Protection Officer (DPO).
GOTO:13
However, we generally process generic, psuedonymized or anonymized aggregate data.
GOTO:13
Unfortunately, we process a mix of sensitive and non-sensitive data.
GOTO:13
The GDPR applies to companies not based on their size, but rather on their activities. However, there are some requirements that relate to firm size.
How large is your firm?
Since we have fewer than 250 employees, we understand that we may not be required to keep records of processing activities unless the processing of personal data is a regular activity, poses a threat to individuals' rights and freedoms, or concerns sensitive data or criminal records. From what we have seen DPO must inform an advise us and our employees of our obligations under data protection law, monitor compliance with all legislation in relation to data protection, including audits, awareness-raising activities, as well as training staff and involved in processing operations, provide advice when a Data Protection Impact Assessment has been carried out and monitor its performance. In addition, a DPO must act as a contact point for for Data Protection Agencies on issues relating to processing. If we are required to appoint a DPO, we will need to do so in a timely manner, so we could use your guidance in deterring whether a DPO is necessary.
GOTO:14
Since we have more than 250 employees, we understand that we may be required to keep records of processing activities and appoint a Data Protection Office (DPO). From what we understand, a DPO must inform an advise us and our employees of our obligations under data protection law, monitor compliance with all legislation in relation to data protection, including audits, awareness-raising activities, as well as training staff and involved in processing operations, provide advice when a Data Protection Impact Assessment has been carried out and monitor its performance. In addition, a DPO must act as a contact point for for Data Protection Agencies on issues relating to processing. If we are required to appoint a DPO, we will need to do so in a timely manner, so we could use your guidance in deterring whether a DPO is necessary.
GOTO:14
Do you either perform systematic and exhaustive evaluations of the personal aspects of an individual, including profile; process sensitive data on a large scale; or, systematically monitor public areas on a large scale?
Which one?
Since we perform systematic and extensive evaluations of the personal aspects of an individual including profiling, we might need to perform a Data Protection Impact Assessment.
GOTO:15
Since we process sensitive data on a large scale, we might need to perform a Data Protection Impact Assessment.
GOTO:15
Because we systematically monitor public areas on a large scale, we may need to perform a Data Protection Impact Assessment.
GOTO:15
Because of the nature of our data processing activities, we may need to perform a Data Protection Impact Assessment.
GOTO:15
GOTO:15
We're almost done!
We look forward to speaking with you about our next steps in working toward GDPR compliance.
In order to ensure we are prepared for our discussion, we have consulted the
BLIP LTL GDPR Learning Tool, to learn more about the GDPR and its impact on our business.
Warm Regards,
USER_NAMEBIZ_NAME
GOTO:16
Are you ready to see your talking points?
Thanks! And good luck!
Thanks! And good luck!
Thanks! And good luck!
If you have further questions, you can can request service from
BLIP.
This isn't built yet. Sorry.GOTO:18
Thanks for stopping by!
I understand.
javascript:void('');
I understand.
Okay! We will!
javascript:void('');
Okay! We will!
Got it.
javascript:void('');
Got it.
Got it.
javascript:void('');
Got it.
Okay, I'm ready.
javascript:void('');
Okay, I'm ready.
Wow. Okay. Thanks. I haven't been there yet and will go right now!
javascript:void('');
Wow. Okay. Thanks. I haven't been there yet and will go right now!
Why should I check out that tool?
javascript:void('');
Why should I check out that tool?
Okay. I'll check it out.
javascript:void('');
Okay. I'll check it out.
Meh. Not for me. I'd like to stick with this.
javascript:void('');
Meh. Not for me. I'd like to stick with this.
Okay. You've convinced me.
javascript:void('');
Okay. You've convinced me.
I would really rather not. I'm already here and would like to move on.
javascript:void('');
I would really rather not. I'm already here and would like to move on.
I have already been through the learning tool. That's how I got here!
javascript:void('');
I have already been through the learning tool. That's how I got here!
I don't care about that other thing. I wanna keep checking this out!
javascript:void('');
I don't care about that other thing. I wanna keep checking this out!
Oh. Figures. Let's do it!
javascript:void('');
Oh. Figures. Let's do it!
I understand that this is not legal advice.
javascript:void('');
I understand that this is not legal advice.
Okay. I also understand that we are not entering into an attorney/client relationship.
javascript:void('');
Okay. I also understand that we are not entering into an attorney/client relationship.
I think it's great that this is only a learning tool.
javascript:void('');
I think it's great that this is only a learning tool.
Of course I'll speak with an attorney if I have any legal questions.
javascript:void('');
Of course I'll speak with an attorney if I have any legal questions.
Yes
javascript:void('');
Yes
What sort of questions will you be asking?
javascript:void('');
What sort of questions will you be asking?
Why do you need this information?
javascript:void('');
Why do you need this information?
What do you do with that information?
javascript:void('');
What do you do with that information?
Okay. I have more questions.
javascript:void('');
Okay. I have more questions.
This format is really cool! What is it?
javascript:void('');
This format is really cool! What is it?
Thanks. I have more questions.
javascript:void('');
Thanks. I have more questions.
Gotcha. That covers it. I'm ready to get down to business!
javascript:void('');
Gotcha. That covers it. I'm ready to get down to business!
No.
javascript:void('');
No.
Yes, I'm sure.
javascript:void('');
Yes, I'm sure.
No. Actually I have some questions.
javascript:void('');
No. Actually I have some questions.
javascript:void('');
text
6.1
Alex
javascript:void('');
Alex
javascript:void('');
text
7.1
Acme Anvils, Inc.
javascript:void('');
Acme Anvils, Inc.
Yes.
javascript:void('');
Yes.
javascript:void('');
text
8.1.1
Pat
javascript:void('');
Pat
No. We don't have a lawyer yet.
javascript:void('');
No. We don't have a lawyer yet.
Okay.
javascript:void('');
Okay.
Why do you need this information?
javascript:void('');
Why do you need this information?
Okay.
javascript:void('');
Okay.
Okay. I think I see what's coming.
javascript:void('');
Okay. I think I see what's coming.
Yes.
javascript:void('');
Yes.
No. Absolutely not.
javascript:void('');
No. Absolutely not.
I am absolutely sure.
javascript:void('');
I am absolutely sure.
I'm not sure.
javascript:void('');
I'm not sure.
That sounds good.
javascript:void('');
That sounds good.
We process personal data as a part of activities and have a branch in the EU.
javascript:void('');
We process personal data as a part of activities and have a branch in the EU.
We are established outside the EU but offer goods/services (paid or free) to individuals in the EU or monitor the behavior of individuals in the EU.
javascript:void('');
We are established outside the EU but offer goods/services (paid or free) to individuals in the EU or monitor the behavior of individuals in the EU.
We are established outside the EU and offer goods/services (paid or for free) to individuals in the EU.
javascript:void('');
We are established outside the EU and offer goods/services (paid or for free) to individuals in the EU.
We are established outside the EU and monitor the behavior of individuals in the EU.
javascript:void('');
We are established outside the EU and monitor the behavior of individuals in the EU.
Sorta both.
javascript:void('');
Sorta both.
All of the above.
javascript:void('');
All of the above.
We don't really process data.
javascript:void('');
We don't really process data.
Yes, we do.
javascript:void('');
Yes, we do.
No, we do none of that.
javascript:void('');
No, we do none of that.
I'm not sure.
javascript:void('');
I'm not sure.
We process sensitive data such as financial records, medical records, or criminal records.
javascript:void('');
We process sensitive data such as financial records, medical records, or criminal records.
We process generic, pseudonymized or anonymized aggregate data.
javascript:void('');
We process generic, pseudonymized or anonymized aggregate data.
We process a mix of sensitive and non-sensitive data.
javascript:void('');
We process a mix of sensitive and non-sensitive data.
We have fewer than 250 employees.
javascript:void('');
We have fewer than 250 employees.
We have 250 employees or more
javascript:void('');
We have 250 employees or more
Yes.
javascript:void('');
Yes.
We perform systematic and extensive evaluations of the personal aspects of an individual including profiling.
javascript:void('');
We perform systematic and extensive evaluations of the personal aspects of an individual including profiling.
We process sensitive data on a large scale.
javascript:void('');
We process sensitive data on a large scale.
We systematically monitor public areas on a large scale.
javascript:void('');
We systematically monitor public areas on a large scale.
Some combination of the things listed above.
javascript:void('');
Some combination of the things listed above.
No.
javascript:void('');
No.
Okay!
javascript:void('');
Okay!
Yes, as text on a web-based editor.
javascript:submit2('http://www.qnamarkup.org/doc/parse/html/', 'POST', 't', 'GDPR Talking Points')
Yes, as text on a web-based editor.
As a file I can save (best for pasting into a markdown editor).
javascript:save2('GDPR_Talking_Points_Markdown.txt',doc());
As a file I can save (best for pasting into a markdown editor).
As an email.
javascript:mail2('the email of your lawyer','GDPR Questions',doc())
As an email.