
GDPR (General Data Protection Regulation). More red tape!

It also gives everyone the "right to be forgotten", which I don't think anyone else in the thread has mentioned. If an organisation holds any of your personal data, you can ask them to delete every single reference they have to you (unless it's illegal for them to do so, e.g. related to crime, etc.)

This part is one of the biggest headaches for many companies, because you don't just have to be able to delete a row in your Customer_Contact database, you also need to be able to track and remove all other references to that customer (recorded calls, emails sent to various addresses, archives of old data, etc.)
 
Buddy Bradley, right to be forgotten can be avoided if your communications were in respect of a contract between two or more companies. But I agree it can be a pain in the neck to properly forget someone or erase them!
 
The government is so serious about this that everyone who works for them needs to pass a test.

It's 5 questions, you need to get 80%.

You can take the test as many times as you need to.

The questions and answers don't change.

it's ten questions! i got one wrong (not bad since i discovered you could skip the videos) and the questions don't change but the order they are in does so, y'know, it's not *that* easy:D

I only did it last week and i can't remember anything from it at all, is that what they mean by the right to be forgotten?:oops:
 
it's ten questions! i got one wrong (not bad since i discovered you could skip the videos) and the questions don't change but the order they are in does so, y'know, it's not *that* easy:D

I only did it last week and i can't remember anything from it at all, is that what they mean by the right to be forgotten?:oops:
5 at HMRC. What branch are you?
 
It also gives everyone the "right to be forgotten", which I don't think anyone else in the thread has mentioned. If an organisation holds any of your personal data, you can ask them to delete every single reference they have to you (unless it's illegal for them to do so, e.g. related to crime, etc.)

This part is one of the biggest headaches for many companies, because you don't just have to be able to delete a row in your Customer_Contact database, you also need to be able to track and remove all other references to that customer (recorded calls, emails sent to various addresses, archives of old data, etc.)
The GDPR also gives consumers the right to have a copy of all the data held about them by an organisation. As part of the compliance work we're doing at the company I work for we're having to build the necessary mechanisms to collate & aggregate all user data - currently held disparately between a variety of different, loosely connected systems - so that the totality for an individual user can be easily downloaded by the user themselves.

This is an immense headache for more reasons than might be assumed - for one thing, the data is more than simply name/address/etc, there's huge volumes of metadata, data associated with a user that forms part of the end user experience, but really only makes sense within the context of the systems that use it - statistics around user activity that are used to determine customer recommendations or whether a user should be in a control group for marketing purposes, that kind of thing. Much of this will be meaningless drivel to the average user, but strictly speaking it's data we hold on them, so according to the GDPR is data we should make available to them, no matter how pointless an exercise that will be.

Additionally, this aspect introduces new data security & privacy concerns. Imagine what happens if a user's password is compromised - which might not be our fault, often a data breach at firm X causes problems for firm Y, because some users of both firms are moronic enough to use the same password twice - now a hacker can not only access the user's account, but at the click of a link can easily download *everything* about them, in a neatly packaged digital format, just perfect for perpetuating fraud, identity theft, etc, etc.
 
Most of these emails asking you to sign back up to spam are almost certainly unnecessary, so long as the company has an unsubscribe mechanism and so long as they didn’t break the DPA to sign you up in the first place. But the latter proviso is the rub. Companies happily flouted the DPA whereas they are frightened of the consequences of doing so for GDPR.

GDPR is simultaneously irritating and a good thing. And if companies had not been such bastards in the first place, it wouldn’t have been necessary. But they were so it is.
 
The GDPR also gives consumers the right to have a copy of all the data held about them by an organisation. As part of the compliance work we're doing at the company I work for we're having to build the necessary mechanisms to collate & aggregate all user data - currently held disparately between a variety of different, loosely connected systems - so that the totality for an individual user can be easily downloaded by the user themselves.

Also already been around for ages! Ie Data Subject Access Request, cf section 7 DPA 1998!!
 
There’s a conspiracy theory that Facebook engineered the data harvesting scandal to kill off email marketing and force businesses to use social media platforms (which gets businesses out of data protection regulations)
 
There’s a conspiracy theory that Facebook engineered the data harvesting scandal to kill off email marketing and force businesses to use social media platforms (which gets businesses out of data protection regulations)

The recent scandal had nothing to do with email marketing, and using social media platforms doesn’t get people out of data protection regs - so I don’t think there is much in this.

Alex
 
This is an immense headache for more reasons than might be assumed - for one thing, the data is more than simply name/address/etc, there's huge volumes of metadata, data associated with a user that forms part of the end user experience, but really only makes sense within the context of the systems that use it - statistics around user activity that are used to determine customer recommendations or whether a user should be in a control group for marketing purposes, that kind of thing. Much of this will be meaningless drivel to the average user, but strictly speaking it's data we hold on them, so according to the GDPR is data we should make available to them, no matter how pointless an exercise that will be.

They are trying to tell you to handle less personal data.

Companies have treated personal data poorly. GDPR is about sending a strong signal that you should hold as little of it as possible.

Alex
 
The recent scandal had nothing to do with email marketing, and using social media platforms doesn’t get people out of data protection regs - so I don’t think there is much in this.

Alex

Yes well the recent scandal has almost certainly not been engineered by FB as part of a master plan, has it?
 
I see this as a great tool for decluttering one’s email inbox without having to individually unsubscribe from dozens of different newsletters :cool:

It's the second reminder emails that amuse me.

"We notice you haven't responded to our opt in request yet. If you don't respond we will have to stop sending you emails".

Hmmm i'll get right on that...not.
 
It is both a good thing for me as an individual, and a potential pain for me as an employee depending on how many SARs forget me etc demands are incoming in the coming weeks / months.
 
Can I now email my ex boss asking for my file, and I won't have to pay?

It'd be useful for me to have all my supervisions etc while I fuck them over.
 
Doesn't work for all the non-European shit though.
I guess not, but any purge is a welcome one. I’ve always been apprehensive about using the unsubscribe option from companies i’ve never heard of, as I suspect some newsletters are fake and a tool to get you to confirm to spammers your email address is active. So I have a lot of unwanted shit coming in all the time.
 
It's the second reminder emails that amuse me.

"We notice you haven't responded to our opt in request yet. If you don't respond we will have to stop sending you emails".

Hmmm i'll get right on that...not.
Some of them are now offering me money off vouchers if I opt in. Let’s see what their last offer is on the day before the deadline.
 
I (and one of my comrades) have had some er interesting communication from a senior Scientologist stating they have ‘documentation’ on me. Wonder if I can get a copy of it under GDPR (or national equivalent)
 
weltweit said:
Why do you have to pay the ICO Thora, is it because you are paying to register as a data controller? not everyone has to, we for example, because we are only collecting standard business information don't have to register or pay.

I collect personal information.

Where I work, we straight away send back attempts to gain personal information sent by organisations that don't have Data Protection registration .... they absolutely have to send their ICO numbers for us to be able to help.
 
And I'm getting nothing but mountains (digital, obvs ;) ) of stuff about GDPR compliance at work right now.

It's a thing getting your head round the details, but GDPR really isn't THAT complicated.

Crude summary said:
Don't violate or abuse peoples' personal online privacy, and avoid doing that in your organisation/business**

If you stay sensible, you probably won't need to worry about anything other than Police CCTV surveillance of you ;)

**</over-simplistic summary :o >
 