
GDPR


Comments

  • edited January 2018
    MrOneLung said:

    Let's lighten the mood - mifid II anyone ?

    PSD2 is the sickener #regulatorybantz
  • Isn't this the stuff that @Redmidland has been handling on his round the world tour?
  • WSS said:

    Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back you have the right to ask for all the information that relates to you. This can be emails that include your name (not necessarily sent to you), any instant messages that include your name etc. Could open it up for a few tribunals...

    Erm really? Blimey, that's going to cause so many issues.

    Does anyone have a link to where this is formally publicised?
  • Another scam, like most of y2k was. Just a way for hustlers and lawyers to make piles of cash out of you. Won't make a blind bit of difference, other than a few token wrist slaps - data breaches will still go unreported. Most of the dire warnings are being put out by people who have a vested interest in rinsing you for cash.

    Depressing view, and I genuinely hope you're wrong... but sadly, I think you'll be proven correct.
  •
    edited January 2018
    JohnBoyUK said:

    WSS said:

    Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back you have the right to ask for all the information that relates to you. This can be emails that include your name (not necessarily sent to you), any instant messages that include your name etc. Could open it up for a few tribunals...

    Erm really? Blimey, that's going to cause so many issues.

    Does anyone have a link to where this is formally publicised?
    https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/

    1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

    (a) the purposes of the processing;
    (b) the categories of personal data concerned;
    (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular
    recipients in third countries or international organisations;
    (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used
    to determine that period;
    (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of
    processing of personal data concerning the data subject or to object to such processing;
    (f) the right to lodge a complaint with a supervisory authority;
    (g) where the personal data are not collected from the data subject, any available information as to their source;
    (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in
    those cases, meaningful information about the logic involved, as well as the significance and the envisaged
    consequences of such processing for the data subject.

    2. Where personal data are transferred to a third country or to an international organisation, the data subject shall
    have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

    3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested
    by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject
    makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be
    provided in a commonly used electronic form.

    4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
  • WSS said:

    Dazzler21 said:

    Just to confirm, by May you only have to evidence you are working towards being GDPR compliant.

    I am currently working on a consent management piece of work. It's crazy the hoops you have to jump through and this is for people actively seeking marketing!

    I'm 99% sure that is not true. People have had since April 2016 to "work towards" being compliant.

    Come May 25th the directive is enforceable.

    Might just be us then, but then we are one of the oldest organisations in the country.

    Fortunately I'm not on the GDPR project, I am working on projects that are affected by it though.
  • Another scam, like most of y2k was. Just a way for hustlers and lawyers to make piles of cash out of you. Won't make a blind bit of difference, other than a few token wrist slaps - data breaches will still go unreported. Most of the dire warnings are being put out by people who have a vested interest in rinsing you for cash.

    I'm not sure I agree with that totally. There is an element of truth in what you are saying but people will soon become aware that they can make life a misery for companies that don't comply. A disgruntled employee, for example, will be able to get the ICO to investigate a company's procedures and compliance. I wouldn't dismiss it at this stage.
  • edited January 2018
    stonemuse said:

    Isn't this the stuff that @Redmidland has been handling on his round the world tour?

    Yes mate it is, not read rest of the thread but I'm working on GDPR which is an 'upgrade' on current DPA legislation. Basically, apart from many other rules, it does give the individual the opportunity to see what data is being held on them and this can include emails etc, it also gives the individual the "Right to be Forgotten".
    All companies will also have to self-report any data breaches, all FOIs have to be answered (there are some exemptions) and all SARs must be answered in a shorter timescale than now and applying will be free. Maximum fines will increase from £500k to either 4% global turnover or circa £15m, whichever is the greater. The ICO stops being government funded as from May 2018, income will be generated by fines we presume.
    Link here: https://ico.org.uk/for-the-public/

    Just a point, the GDPR is still being 'tweaked' and may change further before 25/5/18

    Edit, now read the rest of the thread, my company (University) has set up an 'Information Protection Unit' which I have worked for since Dec 2016. My remit is to check wherever we collect/store/transmit data (students/staff) we do so securely. My job involves me having to visit our offices around the globe (not just EU) where we have this data, as all offices are covered by GDPR. There is a long way to go for many companies, and it should be taken seriously, the ICO won't accept "we didn't know about it" as an excuse...believe me.
  • stonemuse said:

    Isn't this the stuff that @Redmidland has been handling on his round the world tour?

    Yes mate it is, not read rest of the thread but I'm working on GDPR which is an 'upgrade' on current DPA legislation. Basically, apart from many other rules, it does give the individual the opportunity to see what data is being held on them and this can include emails etc, it also gives the individual the "Right to be Forgotten".
    All companies will also have to self-report any data breaches, all FOIs have to be answered (there are some exemptions) and all SARs must be answered in a shorter timescale than now and applying will be free. Maximum fines will increase from £500k to either 4% global turnover or circa £15m, whichever is the greater. The ICO stops being government funded as from May 2018, income will be generated by fines we presume.
    Link here: https://ico.org.uk/for-the-public/

    Just a point, the GDPR is still being 'tweaked' and may change further before 25/5/18

    Edit, now read the rest of the thread, my company (University) has set up an 'Information Protection Unit' which I have worked for since Dec 2016. My remit is to check wherever we collect/store/transmit data (students/staff) we do so securely. My job involves me having to visit our offices around the globe (not just EU) where we have this data, as all offices are covered by GDPR. There is a long way to go for many companies, and it should be taken seriously, the ICO won't accept "we didn't know about it" as an excuse...believe me.

    So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
    Thanks
  • kimbo said:

    stonemuse said:

    Isn't this the stuff that @Redmidland has been handling on his round the world tour?

    Yes mate it is, not read rest of the thread but I'm working on GDPR which is an 'upgrade' on current DPA legislation. Basically, apart from many other rules, it does give the individual the opportunity to see what data is being held on them and this can include emails etc, it also gives the individual the "Right to be Forgotten".
    All companies will also have to self-report any data breaches, all FOIs have to be answered (there are some exemptions) and all SARs must be answered in a shorter timescale than now and applying will be free. Maximum fines will increase from £500k to either 4% global turnover or circa £15m, whichever is the greater. The ICO stops being government funded as from May 2018, income will be generated by fines we presume.
    Link here: https://ico.org.uk/for-the-public/

    Just a point, the GDPR is still being 'tweaked' and may change further before 25/5/18

    Edit, now read the rest of the thread, my company (University) has set up an 'Information Protection Unit' which I have worked for since Dec 2016. My remit is to check wherever we collect/store/transmit data (students/staff) we do so securely. My job involves me having to visit our offices around the globe (not just EU) where we have this data, as all offices are covered by GDPR. There is a long way to go for many companies, and it should be taken seriously, the ICO won't accept "we didn't know about it" as an excuse...believe me.

    So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
    Thanks
    My understanding is that you should not be transmitting personal data to any entity unless you have a legally binding agreement that sets out the restrictions on what they can do with that data to ensure it is handled consistently in line with your own GDPR compliant procedures.
  • edited January 2018
    It's an insane, ill-thought-out plan.

    To scrub your name from all files, emails and data you create while working for a company is so hard to maintain. It took a law firm over 6 months to remove someone's name from everything once they requested it.

    Implemented by people who do not understand IT and how systems work.
  • kimbo said:

    stonemuse said:

    Isn't this the stuff that @Redmidland has been handling on his round the world tour?

    Yes mate it is, not read rest of the thread but I'm working on GDPR which is an 'upgrade' on current DPA legislation. Basically, apart from many other rules, it does give the individual the opportunity to see what data is being held on them and this can include emails etc, it also gives the individual the "Right to be Forgotten".
    All companies will also have to self-report any data breaches, all FOIs have to be answered (there are some exemptions) and all SARs must be answered in a shorter timescale than now and applying will be free. Maximum fines will increase from £500k to either 4% global turnover or circa £15m, whichever is the greater. The ICO stops being government funded as from May 2018, income will be generated by fines we presume.
    Link here: https://ico.org.uk/for-the-public/

    Just a point, the GDPR is still being 'tweaked' and may change further before 25/5/18

    Edit, now read the rest of the thread, my company (University) has set up an 'Information Protection Unit' which I have worked for since Dec 2016. My remit is to check wherever we collect/store/transmit data (students/staff) we do so securely. My job involves me having to visit our offices around the globe (not just EU) where we have this data, as all offices are covered by GDPR. There is a long way to go for many companies, and it should be taken seriously, the ICO won't accept "we didn't know about it" as an excuse...believe me.

    So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
    Thanks
    Hi @kimbo I'm trying to get clarification for you, should have an answer by Saturday. I'll let you know as soon as I do.
  • cafcpolo said:

    Is a ball ache for the firm I'm consulting at as although their business is in Asia, they hold data for EU citizens which means they must be compliant.

    Fine usually, except the working practices around data protection out there are shocking. Plenty of fun and games to be had over the next four months.

    Any chance that you can let us know the name of the firm that you're consulting with mate, seeing as they find protecting personal data and complying with regulations that are there to ensure such to be a ball ache!

    Just so I can make sure that I steer clear of them, that's all. Cheers.
  • Went to a meeting about this today and mentioned there was a post on CL about this subject.
    Apparently I cannot get all my information from this board!
  • Charlton getting in on the act now !
  • ...sooner take the risk of getting fined 4% of turnover
  • I'm (seriously) looking to become one of the GDPR 'experts' in Lux. I was meant to be on GDPR Certification course in Brussels this week, but got cancelled at last minute.
  • WSS said:

    Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back you have the right to ask for all the information that relates to you. This can be emails that include your name (not necessarily sent to you), any instant messages that include your name etc. Could open it up for a few tribunals...

    I knew there was a reason that my company have a 48hr window for Google hangouts to hold data for!