topic Re: Anyone else sick of hearing the letters GDPR? in Off-Topic

Anyone else sick of hearing the letters GDPR?

Anonymous — Thu, 24 May 2018 19:30:51 GMT

I'm not complaining about the tightening of the law but had enough of the e-mails and TV coverage, have you?

Re: Anyone else sick of hearing the letters GDPR?

Cleoriff — Thu, 24 May 2018 19:55:27 GMT

Certainly am fed up of it. I shop for everything online and I am constantly bombarded with emails....

What amuses me, is the different methods they have in place. Varies from company to company

Some it's a simple click to say yes or no...others it's a very long drawn out process where you MUST read the privacy policy before you are allowed to continue.

Re: Anyone else sick of hearing the letters GDPR?

Anonymous — Thu, 24 May 2018 20:05:10 GMT

@Cleoriff

Had to do online training at work followed by a quiz which is understandable but has compounded my boredom with the whole thing :), just like the rest of the working population.

Re: Anyone else sick of hearing the letters GDPR?

Cleoriff — Thu, 24 May 2018 20:17:45 GMT

Thank god I have retired then @Anonymous.

Though I'm unsure what sort of involvement the NHS would have with this. Just look at the data we hold on patients.

I have just read this BBC report regarding the effect on Tech companies

http://www.bbc.co.uk/news/technology-44239126

Re: Anyone else sick of hearing the letters GDPR?

Anonymous — Thu, 24 May 2018 20:22:55 GMT

@Cleoriff

You'd have had to go through it no doubt.

The principles are pretty much common sense:

Collect only the info you need to carry out your business.
Use it for only those purposes and ask if you want to do anything else with it.
Keep it secure
Securely remove it when you no longer need it.

Re: Anyone else sick of hearing the letters GDPR?

Bambino — Thu, 24 May 2018 20:28:29 GMT

Yes, I find it all tedious, but it was necessary, and long overdue. The good news is that once tomorrow's deadline comes and goes, the emails will start to taper off and eventually stop.

Re: Anyone else sick of hearing the letters GDPR?

Cleoriff — Thu, 24 May 2018 20:44:57 GMT

All NHS Employees are bound by a code of confidentiality as part of their contract..

I think we would probably have held a series of workshops for departmental heads...making it their responsibility to cascade the information down to their respective staff. (This presumption is made purely on how I would have handled it as head of training and development aeons ago)

Re: Anyone else sick of hearing the letters GDPR?

Shaun-2018 — Thu, 24 May 2018 20:47:13 GMT

so, if you decided to opt out of marketing or other subs as per GDPR. how do you know, 1) that relevant data that needs deletig IS deleted? and in case 2), assuming you have actually opted INTO a mailig lst or whatever, how do you verify that the data you supply is properly and securely stored?. more often than not personal data is stored over multiple "partner" services affiliated with the company or organization you are dealing with directly. add to that, there are some exemptions to GDPR compliance for data erasure and retention. while the GFPR serves a valid purpose, I can see scope for abuse of theese regulations.

Re: Anyone else sick of hearing the letters GDPR?

Anonymous — Thu, 24 May 2018 20:54:28 GMT

@Shaun-2018

If you have conncerns you can always complain to the ICO who can turn up unannounced to carry out an inspection.

But as you say, there will undoubtedly be loopholes

Re: Anyone else sick of hearing the letters GDPR?

Bambino — Thu, 24 May 2018 21:12:56 GMT

The BBC have done a short quiz. How good is your knowledge about GDPR? I only got 6/9

http://www.bbc.com/news/technology-44224802

Re: Anyone else sick of hearing the letters GDPR?

sheepdog — Thu, 24 May 2018 21:20:34 GMT

@Shaun-2018 wrote:
so, if you decided to opt out of marketing or other subs as per GDPR. how do you know, 1) that relevant data that needs deletig IS deleted? and in case 2), assuming you have actually opted INTO a mailig lst or whatever, how do you verify that the data you supply is properly and securely stored?. more often than not personal data is stored over multiple "partner" services affiliated with the company or organization you are dealing with directly. add to that, there are some exemptions to GDPR compliance for data erasure and retention. while the GFPR serves a valid purpose, I can see scope for abuse of theese regulations.

You can ask for a Subject Access Request (SAR) at the first level and the company has to comply within 30 days then the ICO can be involved but not before - sound familiar with OFCOM? This is free of charge which also includes CCTV footage though if the request is complex then a reasonable charge may be applied.

By what I've discovered over a couple of courses recently, these 3rd parties that have the info are part of the process - there are two roles: a data controller and a data processor. Say o2 gave your data to a 3rd party then o2 are the 'data controller' and the 3rd party the 'data processor' of which o2 are responsible for. In essence both parties are liable for any breach.

There should be a defined document on how long data is held for and in the case of a data processor, only kept for as long as necessary for the purpose then must be deleted. Ditto for the controller though there is the slightly ambiguous term "legitimate interest" and there is a legal aspect that comes into play here for example HRMC have their requirements that can span years.

Though in the first year or so, don't expect much legal activity for non-compliance as its a brand new and untested law so companies are going to have to work out a lot of things as they happen in regards to the process. Key point is that if a company is in breach and are ignorant with no GDPR process in place then they will be hauled up rather quickly than one is pro-active.

As for me, its the issues of what "identifiable data" is and how inadvertently easy it can be classed as a data breach. An example I was given last week was a rota in a public area with peoples names on it! Taking it a bit further, I'm having to remove a wifi semi-public access point purely on the fact that the MAC address is logged and with a CCTV in place, that is someone who can be easily identified thus subject to a SAR (oh the irony...). It really is easier to remove things to remove any risk of breaching GDPR and incurring fines.

Re: Anyone else sick of hearing the letters GDPR?

sheepdog — Thu, 24 May 2018 21:29:30 GMT

@Bambino wrote:
The BBC have done a short quiz. How good is your knowledge about GDPR? I only got 6/9
http://www.bbc.com/news/technology-44224802

So did I but then again, BBC quizzes are pretty dumb intending to make sure you are wrong due to wording. The quiz on "We can guess your age from your taste in music" sadly got it completely wrong by about 20 years

Oh well back to unsubscribing from multiple lists which is no bad thing really. BTW, seeing a lot of logging out and re-acceptance of cookies appearing over the last couple of days in the run-up to the 25th.

Re: Anyone else sick of hearing the letters GDPR?

darrengf — Thu, 24 May 2018 21:34:14 GMT

I’ve hardly had any emails, only 107 of the things.

what I’ve even had is couple of them saying if you don’t respond we take it you don’t want us to contact you again.

Yep that’s correct I thought.

then I get another email saying are you sure

yep yep I am.

can it all go quiet now please. I would like to stop getting 8 emails a day. If I want you I’ll call you.

old saying. Don’t call me, I will call you lol

Re: Anyone else sick of hearing the letters GDPR?

Bambino — Thu, 24 May 2018 22:00:15 GMT

The deadline is tomorrow, so it will quiet down.....I hope. To be honest, I haven't minded all the emails. It means that most companies are complying, and there are lots of things I subscribed to long ago that I'm not interested in any more, so it's reminded me to opt out if I choose to, rather than me ignoring it and it filling up my inbox or just deleting the mail.

Re: Anyone else sick of hearing the letters GDPR?

jonsie — Fri, 25 May 2018 00:44:23 GMT

I've been inundated with them too but why have they all left it so near to the deadline to comply? Must all be consulting their lawyers. I'm amazed at the number I've had from long-forgotten websites that I don't think I ever signed up to. Never heard of half of them!!

Re: Anyone else sick of hearing the letters GDPR?

Cleoriff — Fri, 25 May 2018 05:47:18 GMT

Good point @jonsie. The fact they are all coming in droves, is what makes me lose patience. Ultimately I think some companies will miss out, as people will think Oh god not another one... and just delete