[Wolves] GDPR compliance

Thu May 24 08:41:08 UTC 2018

On 23/05/18 19:04, Richard Barker via Wolves wrote:
> At work we're as compliant as we know how to be, luckily we only really
> deal with other limited companies though.

You still need to have a GDPR policy in place. This is part of a larger policy I wrote for work (Feel free to use it)

*What we collect*
"[Insert Company Name] collects data about you that is limited to the kind of information that can be found on a typical business card: first name, last name, job title, employer/company name, work address, work email, and work phone number. In some cases, we may ask you to provide additional professional information such as the size of the company you work for, and industry type."

*How we use it*
"In order for us to provide the products, content or services you request, we need your personal data. Therefore, if you do not provide such personal data, we cannot deliver the products, content or services."

Those aren't the actual headings I've used by the way.

> I really feel for anyone that
> deals with the general public. I know that some of our international
> partners have the attitude "we're not an EU business, so we're doing
> nothing." It'll be interesting to watch how that plays out.

That's wrong too! If your business (From outside the EU) trades with, or through, ANY EU (Including the UK when we leave) company they MUST comply with elements the GDPR that applies to their transactions.

> One thing that has occurred to me is forums or anywhere that allows private
> messages. If two users send private messages gossiping about a third user
> and the third user files a GDPR request, are those PM's covered by it?

Technically, yes. The legislation states that nobody can hold data that maybe detrimental or could cause damage to an individual. It also clearly states that ALL data must be handed over to the owner, namely you. So by definition if some moron has been saying "That Pete Cannon is full of venom" because my name has been mentioned then I have a vested interest in that data. Having said that, this is where it gets interesting because the hosting service, lets pretend it's Wolves LUG, could counter argue that releasing that /PM would cause them harm or damage. I suspect we will in the near future see a court case to clarify this. Personally I'm in the "Publish and be damned" camp on this one. I think you and everyone else should know what spineless people say about you behind your back and not in public where they might be called to account.

> This whole GDPR thing seems very ripe for the law of unintended
> consequences to me.

EXACTLY! I saw someone I know post on Facebook yesterday "I'm looking forward to no more spam." This not only shows the naivety of the author but the total lack of understanding of the implications with this legislation. Don't get me wrong, some bits of it are good, there are areas that need tightening up. I just feel that there's a lot of it that by its ambiguity and "Open to interpretation" it's bad and should be delayed for a year or more .

Going off on a tangent, here's a question: How is a company going to be able to advertise/sell if we're no longer allowed to ---
Telephone - TPS
Fax - FPS
Email - GDPR

That only leaves TV and Radio adverts which people avoid like the plague and are insanely expensive or Newspaper and magazine adverts. Think about it for a moment, if I contact someone for permission to contact them and they are on one or more 'lists' I'm breaking the law. Maybe the infrastructure should collapse and we can all sit at home drawing the dole congratulating ourselves that we didn't get three or four unsolicited emails this week. Are people really that dim that they think a company can afford to sit there on their hands playing the "Lets only do reactive sales coz proactive is impossible now" and waiting for that one phone call from an individual to order a boiler? ;-) #RantOver

-- 
Regards
Peter Cannon

IRC: dick_turpin @ freenode.net
https://mastodon.org.uk/@dick_turpin
https://twitter.com/dick_turpin
http://www.cannon-linux.co.uk
https://plus.google.com/100694334141523232451/posts
Podcast: http://tdtrs.co.uk

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind."