Stands for General Data Protection Regulation.
It is being introduced this May after a two-year introduction period by the EU for any company, anywhere, wanting to trade with any EU country. If you are not GDPR certified then you won't be able to do 'business' within the EU.
Anyone got certification/knowledge/any idea?
Comments
In the UK it’s a more robust form of the data protection act and the fines are huge if the ICO follow through with their threats.
Nobody really knows the impact at the moment it seems. There’s loads of people and firms who are trying to sell consultancy. Jump on the ICO site and look at their checklists and guidelines for the foundations.
Consent is the big thing though. You need explicit consent from anyone on databases etc. to use their personal info (email, phone number, anything). This includes existing “customers” - everyone should now be getting the consent to carry on “business as usual”. Opting out also needs to be as easy as giving consent. All those annoying tick boxes and ambiguous statements on web pages should be a thing of the past.
GDPR is a good thing. It’s a lot of work for companies, but to get an idea of what personal data companies have on you, submit a subject access request to an online dating site. You’ll be shocked what can be ascertained from swiping left and right.
It's essentially an EU harmonisation of data protection regs which will see an enhancement of our DPA98 legislation.
If you navigated the Bitcoin thread you'll find that a piece of piss. :-)
Fine usually, except the working practices around data protection out there are shocking. Plenty of fun and games to be had over the next four months.
Was actually discussing with a colleague today about how long before the parking fine firms, train companies and councils are inundated from disgruntled customers with SARs.
There's speculation that the parasite claims management companies will focus on this once the PPI redress cash cow they've milked for a decade closes in 2019.
What a world.
We sometimes have minor breaches where I work (I sent an unsecured email myself a while back which I reported). These are only a problem if you are in denial about them or don't do anything about them.
And the last thing he told us was that anyone advertising themselves as an expert in this field is pulling a fast one, because it is going to be worked out via cases and so the detail isn't there yet.
As usual, a lot of stuff and nonsense and people trying to make money out of fear and ignorance.
I have a specific question to which I am getting different answers. It’s about geographical scope. We have a legal branch in Vietnam; would they have to adhere to GDPR, or is it just for EU data? We will of course roll out best practice throughout the organisation.
I think it’s a Y2K too
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/?q=children
I am currently working on a consent management piece of work. It's crazy the hoops you have to jump through, and this is for people actively seeking marketing!
Come May 25th the directive is enforceable.
Also, in reference to your only post, you can use personal data without express permission if your company has a "legitimate interest". How "legitimate interest" is defined is another matter.
No doubt that you will still be able to get the cover for it as an employer but you will have to pay for it (just what small businesses need at the moment)
I think the ease of withdrawing consent is a big one and the one 'customers' will benefit from (if enforced properly). For example, take Charlton's emails they send out - you have to jump through hoops to stop them sending them to you, I've tried it. Sure it's all in hand though...