Jonathan Norman, 6 years ago: I have a nasty feeling that GDPR is going to sneak in under the radar for many organizations, which will be a big shock to the system.
Former Member, 6 years ago (edited): 'UK organisations, including the public sector, will face a £17 million fine if they fail to protect against personal data breaches or 4% of their turnover.' A bit of scaremongering here! Fines are up to, not will be.
Former Member (in reply to Former Member), 6 years ago: Indeed, in fact the ICO has been clear that fines will be relevant and proportionate and take into account the organisation's ability to pay. I don't think the ICO will be in the business of bankrupting NHS Trusts or Local Authorities, as Central Government will be forced to bail them out. I suspect fines will remain at approximately the same level as those previously imposed on the public sector to date. We await the passing of the UK DP Act and those first key ICO decision notices...
Former Member (in reply to Former Member), 6 years ago: Exactly, even if the fines go back into the government’s coffers, ICO still won’t want to bankrupt the public sector.
Tim Burkinshaw, 6 years ago: I was hoping to read some specific examples here of what changes are expected. Such as:
- For existing lists of contact details (eg Mailchimp email list of subscribers to our Biodiversity Partnership), what do I need to inform them and what questions do they need to agree to if they continue to be on the mailing list?
- How will data protection apply differently to Social Media contact details, eg a Twitter handle is already in public domain but as soon as I write that down in a list of contacts and store it in a file does it become liable to DPA or GDPR rules?
Nigel Dexter (in reply to Tim Burkinshaw), 6 years ago: Tim, for existing lists, if the use is in compliance with the GDPR and you don't expect that use to change, then there's little more to do, apart from, perhaps as a courtesy note to advise them of the GDPR and their rights etc. This can be done as part of your usual correspondence/messaging. I take it there's no direct marketing or reselling of their contact details? If so, the forthcoming e-Privacy Regulation is the one to watch! In answer to your second Q - YES. A 'blog post' would be created by an individual (unless working on behalf of a commercial concern), for 'domestic purposes'. As soon as a data controller records it and makes further use of it, they would need a separate lawful purpose to do so because they could not claim the 'domestic' purpose.
Former Member, 6 years ago: GDPR is unfortunately being viewed mainly in conjunction with cyber-security, therefore rather than taking Elliot's approach of reviewing data/information holistically, and involving all staff, managers are looking for a "technical silver bullet". I have been reviewing various websites including the ICO's 12-step guidance, and the only pragmatic info I gained was through Des Ward at Innopsis (latterly the PSN governing board).