Regulation (EU) 2016/679, the European Union’s new General Data Protection Regulation (‘GDPR’), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.
It doesn’t apply to the processing of personal data of deceased persons or of legal entities.
The rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one’s home, provided there is no connection to a professional or commercial activity. When an individual uses personal data outside the personal sphere, for socio-cultural or financial activities, for example, then the data protection law has to be respected.
A complete guide and overview of the new GDPR going into effect in the EU later this month. It’s a very comprehensive set of privacy regulations that virtually all technology – and others – will have to comply with.
“5 simple questions to ask yourself”
https://youtu.be/uGa2JGEKCRg
The important thing is not to panic. Most organisations I deal with are far from ready, but there is far too much scaremongering going on from people who just want to make a quick buck.
I’ve probably had around five scam e-mails this week from people claiming to help with compliance and several more from people asking whether one site or another is up to par with GDPR.
The sad thing is most of the (real) documentation on GDPR is so vague as to be basically meaningless. It’s difficult to apply rules that don’t really say anything definite, which is probably why so many scammers are using it. It’s easier to trick people using something they don’t understand.
I disagree. Though there’s a lot of legalese to skim through, and tons of provisions for specific business branches, I think most is fairly comprehensive, especially for an EU directive. Did you read it yourself at all, or are you just parroting other people’s misconceptions?
Hm, IIRC I had ads here on OSAlert claiming to help with GDPR…
PS. And now under this story for “free email course” about it …with a weird map of supposedly EU, missing ~eastern members.
Edited 2018-05-04 20:23 UTC
Another silly piece of legislation from the EU that ignores the reality of the internet.
It is much like the “right to be forgotten”.
We all know once it is on the internet, it is on there forever. That is why Revenge Porn can never be really scrubbed; there is going to be a site somewhere that has it and someone will be able to find it.
Obviously I don’t condone such actions, but unfortunately once it is out there, anyone can copy and host it somewhere else.
Edited 2018-05-02 21:17 UTC
And it completely ignores what companies do and what they say.
“Access to your data? Erm no, this is our data, and you cannot access it, the system doesn’t provide a facility for that.”
“We cannot tell you which data we have because data protection and privacy laws force us to keep it secret.”
“If we would be able to output data from our systems – which we aren’t -, it would be tons of paper to be printed. You surely cannot afford that.”
“We only have Intranet, we cannot send out anything.”
“You don’t have the right to access your data, you signed a contract.”
“By using our product, as per the terms of service which you accepted by clicking ‘Continue’, you transferred all your rights to us.”
“Sorry, we cannot process your request due to legal reasons. Please go away and pay a lawyer to tell you the same.”
“We do not give confidential information to individuals. Only a judge or a spying agency is supposed to access them.”
“Are you crazy? Using your data is what we make our money with! If we told you how we do it, anyone could do it!”
“Sorry, we do not store or process your data here. We have a contractor for outsourcing who is responsible for that. Of course we cannot tell you more because that would violate our business agreements.”
Such attitudes (and similar ones) can be found in many branches of industry. It doesn’t matter if it’s a regular ISP, a cellphone operator, a credit card firm, a recruiting agency, an online shop with their advertisement partners, or someone just running a flashlight app for data collection. There are also more than sufficient loopholes which will allow companies to continue doing what they want with their users’ data.
Those companies will keep in mind that the fine they risk by not complying is 4% of yearly revenue or 20 million USD, whichever is higher.
So don’t be defeatist, we will see soon enough what those big companies will do to thwart these regulations.
Nothing could be further from the truth. It costs money to store data and old information is constantly wiped and overwritten. [Particularly from the 90s when storage cost dollars per megabyte.]
The annual information loss rate is phenomenal.
https://www.theatlantic.com/technology/archive/2015/10/raiders-of-th…
The major search engines simply dump vast amounts of meaningless links making searches for any obscure information pointless.
Edited 2018-05-03 02:28 UTC
I recently read an article about what a small business of a photographer would have to do for GDPR compliance, it was quite scary for adding costs and taking away rights.
One example is, you are a really small business, 1 or maybe 2 persons, but you keep records of past time clients. You will suddenly have to add complexity to your record keeping.
Another example is, you have photos of people and signed forms/contracts with the right to use them. Suddenly people can revoke your right because GDPR.