GDPR - EU General Data Protection Regulation .. General Discussion ( Comes into force 25th May )

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
The GDPR - EU General Data Protection Regulation - comes into force this 25th MAY 2018.

Though GDPR is EU wide, all member countries have to adjust their own data laws via bills so that GDPR fits.

In our case the new Data Protection Bill 2018 was introduced on January 30th 2018 and is being rushed through the Seanad and Dáil. The Bill must be passed by May 6th. The GDPR was finalised on April 27th 2016.

I am still unsure if this bill has been passed here yet?

According to another thread - http://www.politics.ie/forum/justice/262272-data-protection-bill-2018-our-own-again.html - this bill has get out clauses for our public bodies:

The Bill proposes to exempt public bodies from fines for breaches of data protection rights, leaving no effective sanction for negligence or deliberate wrongdoing.
Anyway - I thought we should have a GDPR GENERAL THREAD here because I THINK it has huge implications .. especially for many many businesses.

With that in mind I am finding that quite a number of businesses - particularly small businesses / self employed - are either unaware or have not done much, if not anything in their business to do with GDPR. Many felt there could have been a far more concerted campaign by the Data Commissioner / Government to inform and assist businesses in this. Some people even said a leaflet should have gone around to all homes and businesses from the Data Commissioner / Gov over a year ago.

It seems to me ( on the ground ) that information about this and how it affects businesses and people is down to who you talk to, many different opinions and rumours as to what it will affect and what should / should not be done. In other words everyone seems to be left to their own as to how to proceed?

Another thing - I have found many think GDPR is to do with IT and the Internet ONLY. I had to explain, I don't think so, it's about ALL DATA stored, used, not just digital ... yes, paper too.

Oh and CCTV comes in under this too it seems. People being filmed on a street outside a premises for example. Here we have one of those I HEARD things ... That if CCTV is demanded by someone, anyone else in the CCTV footage has to be blurred out.

My view - It will create a huge amount of extra work for businesses, many still unaware that this is the case.

It could also become a charter for businesses to be got at from disgruntled customers AND competitors? Demanding alleged data held on them within the 30 days and so on ..

What seems a good general site on all this is - GDPR and You

SO - I know I know, for many it's too taxing and creates a yawn .. BUT anyway, here ye go, a general discussion thread on the GDPR for you all. Dispel rumours, give solid info on GDPR and so on.

** MODS - Not sure where this should be .. Here in Justice OR under EU. Move if you wish ..
 


robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Of course GDPR is actually more far reaching than just for Businesses. It affects many others too.

EG .. Bloggers, private individuals who might be blogging on the side as a hobby BUT collecting personal data via the likes of MailChimp for newsletter or new blog post subscription.

As was mentioned elsewhere - those who might have forums for various non work related reasons around hobbies or interests.

And of course FACEBOOK Groups maybe?
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
And about AWARENESS and ACTION on GDPR - I do notice it is the larger businesses, financial outfits, FDI etc have been working on this for over 2 years in the background. Assigning the person or people of responsibility to it etc.

I fear it's the small business, retailer, self employed people OR private individuals who fall in under my 2nd post that have done little or no prep on this ..
 

CookieMonster

Well-known member
Joined
Feb 19, 2005
Messages
33,861
Impact of GDPR for the ordinary man?

- Hundreds of emails asking to confirm inclusion on mailing lists for things you don't even remember signing up for
- Work will make you take some god awful online training session
 

GDPR

1
Joined
Jul 5, 2008
Messages
217,846
Impact of GDPR for the ordinary man?

- Hundreds of emails asking to confirm inclusion on mailing lists for things you don't even remember signing up for
- Work will make you take some god awful online training session
*groans
 

PeacefulViking

Well-known member
Joined
Apr 20, 2012
Messages
2,469
Great for lawyers, bad for business, especially small business.
 

Dame_Enda

Well-known member
Joined
Dec 14, 2011
Messages
53,667
It's timely to note that the Irish bill does not include protection of journalists from data breaches.

Furthermore, this would not be going through without the connivance of FF.
 

gerhard dengler

Well-known member
Joined
Feb 3, 2011
Messages
46,739
It's timely to note that the Irish bill does not include protection of journalists from data breaches.

Furthermore, this would not be going through without the connivance of FF.
Charlie Flanagan has also sought to exempt state bodies from GDPR provisions.

Other sectors have not been afforded this cop out.
 

CookieMonster

Well-known member
Joined
Feb 19, 2005
Messages
33,861
Charlie Flanagan has also sought to exempt state bodies from GDPR provisions.

Other sectors have not been afforded this cop out.

Article 23 enables Member States to introduce derogations to the GDPR in certain situations.


Member States can introduce exemptions from the GDPR’s transparency obligations and individual rights, but only where the restriction respects the essence of the individual’s fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

  • national security;
  • defence;
  • public security;
  • the prevention, investigation, detection or prosecution of criminal offences;
  • other important public interests, in particular economic or financial interests, including budgetary and taxation matters, public health and security;
  • the protection of judicial independence and proceedings;
  • breaches of ethics in regulated professions;
  • monitoring, inspection or regulatory functions connected to the exercise of official authority regarding security, defence, other important public interests or crime/ethics prevention;
  • the protection of the individual, or the rights and freedoms of others; or
  • the enforcement of civil law matters.

What about other Member State derogations or exemptions?


Chapter IX provides that Member States can provide exemptions, derogations, conditions or rules in relation to specific processing activities. These include processing that relates to:

  • freedom of expression and freedom of information;
  • public access to official documents;
  • national identification numbers;
  • processing of employee data;
  • processing for archiving purposes and for scientific or historical research and statistical purposes;
  • secrecy obligations; and
  • churches and religious associations.
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Great for lawyers, bad for business, especially small business.
I wonder ( re lawyers ) .. I'm not sure many of them bar the big ones actually fully understand the full breadth of this?

A guy I know who does quite a few websites for lawyers ( small to medium ) said he still has not got any enquiries about adjusting their sites like adding appropriate GDPR privacy statements and policy pages etc. Nor sorting forms on sites to change for consent tick box etc.

I notice myself that many of the CMS systems like WORDPRESS which is used as the foundation of most sites .. These CMS systems are not fully up to GDPR proof either, especially many of the plugins. Web designers might know how to design a site but many would rely on plugins and 3rd party code that they do not have control over, to build a site. These plugins could be collecting data or adding cookies.
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
GDPR, €20m fines and the dangers of false-confidence

Breaches will continue post-GDPR

Let’s not kid ourselves.

Even with strong defences, data breaches are going to continue post-GDPR.

Every new breach will attract the attention of regulators. And when they eventually come knocking, they’re going to ask the same two questions they always have.

“What did you do in an effort to prevent this?”

And, “What are you doing about it now?”


Increasingly stringent cyber security measures is the only acceptable answer.

If it’s an answer businesses are unable to give, then a conversation with regulators will be the least of their worries.
Cha ching ... more cash to the gov coffers while possibly closing another sme ??
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Who Must Comply - Expanded territorial scope

The GDPR represents a significantly increased territorial reach over its Data Protection Directive predecessor. Article 3 of the GDPR outlines that (all emphasis added unless otherwise stated):

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Two primary groups of entities must therefore comply with the GDPR.

- Firms located in the EU
- Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
GDPR is Not a Ticking Timebomb for Huge Fines

There is a huge amount of hype, mis-information and fear-based selling circling the subject of GDPR. With vendors, resellers and even so-called experts (who should know better) bandying around threats of huge fines for non-compliance.

It reminds me of what happened in the year 2000 with the millennium bug, where we were told that at the stroke of midnight that technology would fail, and planes would fall out of the sky. Similarly, organizations are being told that on the 25th May they will go into compliance meltdown, fines will be issued to everyone, businesses will go bust and CISOs will have to work through the night to ensure they’re ready. It’s all got a bit out of hand to be honest.
In so many of my engagements, organizations just don’t know what’s happening to their unstructured data or who has access to it. My advice to anyone thinking about GDPR is to take it seriously, but in the immortal words of the Hitch Hikers Guide to the Galaxy, Don’t Panic. Let’s be prepared, but let’s keep some perspective. It’s a process – not a timebomb.
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Practical guidance on the GDPR – Part 5

Most people in business will have accumulated large contact lists in Outlook email systems or similar, containing many names and other contact details built up over a number of years. Will the GDPR really require that data to be reviewed or deleted or specific consent for it to be obtained? Or what remedy, if it were later found that this data were not validly held?
Read the article in response to this, interesting. It relates to your Outlook, Gmail contacts and also your Phone contact list going back years ..
 

Atlantean

Well-known member
Joined
Aug 23, 2017
Messages
823
Question apropos of obtaining Data & Information about oneself ;

Would the Requester be entitled to a larger amount of more meaningful Data, & Information, when requesting through :

1_
Data Protection Act [ DPA ] ?

OR

2_
General Data Protection Regulation [ GDPR ] ?

OR

3_
Freedom of Information Act [ FOI ] ?
 

Lumpy Talbot

Well-known member
Joined
Jun 30, 2015
Messages
27,836
Twitter
No
Note the language change in the piece about European Union regulation... 'the Union'...
 

Lumpy Talbot

Well-known member
Joined
Jun 30, 2015
Messages
27,836
Twitter
No
Fantastically funny in some ways. Protection and holding of data in the UK as regards GDPR throws up some interesting questions.

For example info held for profiling guests at state functions, the palaces, the Foreign Office... unlikely to receive a visit from the Information Commissioner's Office or Data Protection people as it would have the effect of endangering someone's MBE.

Similarly you have one of the largest data gathering operations in Europe going on blissfully uninterrupted in Cheltenham with European communications systems being monitored and passed out of Europe to the US on a daily basis if not hourly. :)
 

Lumpy Talbot

Well-known member
Joined
Jun 30, 2015
Messages
27,836
Twitter
No
It doesn't surprise me that Irish state agencies and public service would be seeking an exemption.

Given what we know about 'data control' between the Gardai and state agencies such as Tusla I'd say that area should be the first place to be regulated.

Not only were there significant data breaches but defamatory and libelous information was being shared around like a red-headed child at a seminary.
 

Lumpy Talbot

Well-known member
Joined
Jun 30, 2015
Messages
27,836
Twitter
No
As for telephone contact between the media and garda commissioners, those two fantastically independent models of probity in the state, well, the less said the better.

Like a couple of teenagers on the 'phone when their parents are away.
 

