GDPR
Comments
-
Let's lighten the mood - MiFID II anyone?
-
MrOneLung said: Let's lighten the mood - MiFID II anyone?
PSD2 is the sickener #regulatorybantz
-
CRS?
-
Isn't this the stuff that @Redmidland has been handling on his round the world tour?
-
WSS said: Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back, you have the right to ask for all the information that relates to you. This can be emails that include your name (not necessarily sent to you), any instant messages that include your name etc. Could open it up for a few tribunals...
Erm really? Blimey, that's going to cause so many issues.
Does anyone have a link to where this is formally publicised?
-
Leroy Ambrose said: Another scam, like most of Y2K was. Just a way for hustlers and lawyers to make piles of cash out of you. Won't make a blind bit of difference, other than a few token wrist slaps - data breaches will still go unreported. Most of the dire warnings are being put out by people who have a vested interest in rinsing you for cash.
Depressing view, and I genuinely hope you're wrong... but sadly, I think you'll be proven correct.
-
JohnBoyUK said:
WSS said: Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back, you have the right to ask for all the information that relates to you. [...]
Erm really? Blimey, that's going to cause so many issues.
Does anyone have a link to where this is formally publicised?
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
-
WSS said:
Dazzler21 said: Just to confirm, by May you only have to evidence you are working towards being GDPR compliant.
I am currently working on a consent management piece of work. It's crazy the hoops you have to jump through, and this is for people actively seeking marketing!
Come May 25th the directive is enforceable.
Fortunately I'm not on the GDPR project, I am working on projects that are affected by it though.
I'm 99% sure that is not true. People have had since April 2016 to "work towards" being compliant.
Might just be us then, but then we are one of the oldest organisations in the country.
-
Leroy Ambrose said: Another scam, like most of Y2K was. Just a way for hustlers and lawyers to make piles of cash out of you. [...]
I'm not sure I agree with that totally. There is an element of truth in what you are saying, but people will soon become aware that they can make life a misery for companies that don't comply. A disgruntled employee, for example, will be able to get the ICO to investigate a company's procedures and compliance. I wouldn't dismiss it at this stage.
-
stonemuse said: Isn't this the stuff that @Redmidland has been handling on his round the world tour?
Yes mate it is. Not read the rest of the thread, but I'm working on GDPR, which is an 'upgrade' on current DPA legislation. Basically, apart from many other rules, it does give the individual the opportunity to see what data is being held on them, and this can include emails etc.; it also gives the individual the "Right to be Forgotten".
All companies will also have to self-report any data breaches, all FOIs have to be answered (there are some exemptions) and all SARs must be answered in a shorter timescale than now, and applying will be free. Maximum fines will increase from £500k to either 4% of global turnover or circa £15m, whichever is the greater. The ICO stops being government funded as from May 2018; income will be generated by fines, we presume.
Link here: https://ico.org.uk/for-the-public/
Just a point: the GDPR is still being 'tweaked' and may change further before 25/5/18.
Edit, now read the rest of the thread: my company (University) has set up an 'Information Protection Unit' which I have worked for since Dec 2016. My remit is to check that wherever we collect/store/transmit data (students/staff) we do so securely. My job involves me having to visit our offices around the globe (not just EU) where we have this data, as all offices are covered by GDPR. There is a long way to go for many companies, and it should be taken seriously; the ICO won't accept "we didn't know about it" as an excuse... believe me.
-
Redmidland said: Yes mate it is. Not read the rest of the thread, but I'm working on GDPR, which is an 'upgrade' on current DPA legislation. [...]
So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
Thanks
-
kimbo said:
Redmidland said: Yes mate it is. Not read the rest of the thread, but I'm working on GDPR, which is an 'upgrade' on current DPA legislation. [...]
So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
Thanks
My understanding is that you should not be transmitting personal data to any entity unless you have a legally binding agreement that sets out the restrictions on what they can do with that data, to ensure it is handled consistently in line with your own GDPR-compliant procedures.
-
It's an insane, ill-thought-out plan.
To scrub your name from all files, emails and data you create while working for a company is so hard to maintain. It took a law firm over 6 months to remove someone's name from everything once they requested it.
Implemented by people who do not understand IT and how systems work.
-
kimbo said:
Redmidland said: Yes mate it is. Not read the rest of the thread, but I'm working on GDPR, which is an 'upgrade' on current DPA legislation. [...]
So does that mean my Thailand office, a branch of the UK charity, will fall under GDPR even if they don't handle data of EU residents? Cannot get any clarity on this point.
Thanks
Hi @kimbo, I'm trying to get clarification for you, should have an answer by Saturday. I'll let you know as soon as I do.
-
cafcpolo said: Is a ball ache for the firm I'm consulting at, as although their business is in Asia, they hold data for EU citizens, which means they must be compliant.
Fine usually, except the working practices around data protection out there are shocking. Plenty of fun and games to be had over the next four months.
Any chance that you can let us know the name of the firm that you're consulting with, mate, seeing as they find protecting personal data and complying with the regulations that are there to ensure such to be a ball ache!
Just so I can make sure that I steer clear of them, that's all. Cheers.
-
Went to a meeting about this today and mentioned there was a post on CL about this subject.
Apparently I cannot get all my information from this board!
-
-
Snore
-
...sooner take the risk of getting fined 4% of turnover
-
I'm (seriously) looking to become one of the GDPR 'experts' in Lux. I was meant to be on a GDPR Certification course in Brussels this week, but it got cancelled at the last minute.
-
WSS said: Also, if you're an employee (or anyone else) and think that your boss or any other staff member have been slagging you off etc. behind your back, you have the right to ask for all the information that relates to you. This can be emails that include your name (not necessarily sent to you), any instant messages that include your name etc. Could open it up for a few tribunals...
I knew there was a reason that my company have a 48hr window for Google Hangouts to hold data for!