Jonathan Norman 6 Years Ago I have a nasty feeling that GDPR is going to sneak in under the radar for many organizations, which will be a big shock to the system.
Former Member 6 Years Ago - Edited 'UK organisations, including the public sector, will face a £17 million fine if they fail to protect against personal data breaches or 4% of their turnover.' A bit of scaremongering here! Fines are up to, not will be.
Former Member Former Member 6 Years Ago Indeed, in fact the ICO has been clear that fines will be relevant and proportionate and take into account the organisation's ability to pay. I don't think the ICO will be in the business of bankrupting NHS Trusts or Local Authorities, as Central Government will be forced to bail them out. I suspect fines will remain at approximately the same level as those previously imposed on the public sector to date. We await the passing of the UK DP Act and those first key ICO decision notices...
Former Member Former Member 6 Years Ago Exactly, even if the fines go back into the government’s coffers, ICO still won’t want to bankrupt the public sector.
Tim Burkinshaw 6 Years Ago I was hoping to read some specific examples here of what changes are expected. Such as:
- For existing lists of contact details (e.g. Mailchimp email list of subscribers to our Biodiversity Partnership), what do I need to inform them and what questions do they need to agree to if they continue to be on the mailing list?
- How will data protection apply differently to Social Media contact details, e.g. a Twitter handle is already in public domain but as soon as I write that down in a list of contacts and store it in a file does it become liable to DPA or GDPR rules?
Nigel Dexter Tim Burkinshaw 6 Years Ago Tim, for existing lists, if the use is in compliance with the GDPR and you don't expect that use to change, then there's little more to do, apart from, perhaps as a courtesy note to advise them of the GDPR and their rights etc. This can be done as part of your usual correspondence/messaging. I take it there's no direct marketing or reselling of their contact details? If so, the forthcoming e-Privacy Regulation is the one to watch! In answer to your second Q - YES. A 'blog post' would be created by an individual (unless working on behalf of a commercial concern), for 'domestic purposes'. As soon as a data controller records it and makes further use of it, they would need a separate lawful purpose to do so because they could not claim the 'domestic' purpose.
Former Member 6 Years Ago GDPR is unfortunately being viewed mainly in conjunction with cyber-security, therefore rather than taking Elliot's approach of reviewing data/information holistically, and involving all staff, managers are looking for a "technical silver bullet". I have been reviewing various websites including the ICO's 12-step guidance, and the only pragmatic info I gained was through Des Ward at Innopsis (latterly the PSN governing board).