Please or to access all these features

Add post

Watch this thread

Save thread

Start a new thread

Flip thread

Hide thread

My feed

Active Unanswered threads

Getting started FAQ's

Unanswered threads Acronyms Talk guidelines

Hide shortcut buttons

Talk

Work

Chat with other users about all things related to working life on our Work forum.

Flip

1 2 3 4 5 6 7 8

Original poster

GDPR - training!

193 replies

Fekko · 06/09/2017 07:28

Does anyone know of and decent courses to get to grips with this? I've read up on it but still have questions.

OP posts:

AsAProfessionalFekko · 04/04/2018 08:02

I can't quite work out if we need to join the ICO. When I called them they said 'no, errrr yes, I think so'.

Our accountant won't take that as a reason to pay the fee

gussyfinknottle · 04/04/2018 08:05

You don't "join the ICO". If you mean register as a data controller, keep a record of your conversation with them. Write in if you are not sure.

daisychain01 · 04/04/2018 11:40

We are a buying group so if we can't tell our customers about the new offers (they pay to be part of the group), what's the point?

GDPR is there to stop organisations from abusing the privilege of using customer data they already have, to send them unsolicited marketing blurb and sales pitches.

However, if the company can legitimately justify that they are advising customers of an offer under 'legitimate use' of their data, ie that the offer is of primary benefit to the customer, then it is compliant with GDPR. So that may be of some reassurance to you.

gussyfinknottle · 26/04/2018 08:02

There is a Twitter Q&A today with a senior person at the Information Commissioner's Office between 2 and 3. Ask them and see what they say.

CountingToThree · 26/04/2018 11:01

I am finding this facebook group very useful (for freelancers, small businesses)

www.facebook.com/groups/GDPRforonlineentrepreneurs/

thatstoast · 29/04/2018 17:05

Can I ask a very daft question about GDPR?

What counts as sharing data? There are specific instances where we obviously share data - when we pass information over to auditors for example.

However, we also use a database which, at present, anyone in the organisation can access. So are we sharing that information with other departments even though they'd have no reason to access it?

gussyfinknottle · 29/04/2018 21:34

Does everyone in the organisation need to access the info? That would be my first question. It might well be that they do if there's a business reason for it. But, as an extreme example, you don't need to access the stuff your HR department has . Or you might need the odd bit as a manager.
Data sharing is usually between organisations rather than within an organisation.

leghairdontcare · 29/04/2018 22:36

No, nobody else needs it. I read in the ico website that sharing within organisations can fall under gdpr. We're not purposely sharing it, it's just that there are no systems in place to stop other people accessing it.

gussyfinknottle · 30/04/2018 07:11

Everything you do with people's information falls under GDPR. As it does under the current DPA. You are kidding yourself if you think it doesn't. It's all about doing sensible stuff with such info and making sure you know what people's rights are.

gussyfinknottle · 30/04/2018 07:15

If you have no system in place to stop unauthorised access internally you may well already be breaching the security requirements of the current DPA - principle 7. Not a crime but what can be worse is the bad publicity if someone does something criminal and nicks it. Or does something non-criminal like exposing you to losing it.

leghairdontcare · 30/04/2018 08:43

My point is that the organisation doesn't consider it unauthorized access as it's only available to staff but as it stands I can access customer information that has nothing to do with the project I'm working on and vice versa. I'm trying to get them to take things more seriously.

gussyfinknottle · 30/04/2018 08:53

Should be a trail if who accessed what and when. Individuals who access customer data for their own purposes can be committing a criminal act. It's one of the few criminal bits of DPA right now. And if you don't have safeguards against that, it isn't criminal but the bad publicity would stink.

EmmaC78 · 09/05/2018 18:26

How is everyone feeling with 16 days to go? I feel as though there is still a lot to do.

greencokecan · 12/05/2018 22:56

This reply has been deleted

Message deleted by MNHQ. Here's a link to our Talk Guidelines.

juneybean · 21/05/2018 12:43

Gosh 4 days to go and I'm getting worried!

QueJamones · 07/06/2018 20:39

Having a hideous time at work as everyone is panicking and blaming GDPR for everything, stopping doing stuff, etc. Can't get on with doing the stuff we need to do for answering stupid questions ('is it a breach to address an envelope?') and dealing with something of an onslaught of SARs... grrr. Have some compassion for your poor DPOs!

ragged · 07/06/2018 20:42

Our DPO said categorically that anyone recognisable in a photo made it personal data, if you can tell who and where plus maybe even when & why, it's not the sensitive data, but it's personal alright so all GDPR applies to it.

I wonder how pictures in newspaper will be handled. Lots of overseas websites won't let me on now due to GDPR. I loathe GDPR.

lostinsunshine · 07/06/2018 20:55

There's a journalism exemption. Just cos something is personal data doesn't mean you can't process it.

Flip

1 2 3 4 5 6 7 8