
GDPR


    #11
    Originally posted by MarillionFan
    Also additional processes around 'Right to be Forgotten' or 'Data Port Requests' form part of the new GDPR.

    Imagine a company with 100's of systems who has customer data replicated everywhere. I can request that data be deleted, and failure to do so will result in a fine. 4% of turnover is scaring the crap out of companies. Clientco has set up a task force & I'm getting a lot of interest. It's going to be a little like Y2K as everyone panics coming towards May. Some money to be made in the short-term, especially around auditing.
    I think the right to be forgotten or data erasure (under specific circumstances) could be one of the bigger impacts. Let's say I as an individual request this from an organisation. Presumably data held on me is stored in a backup somewhere. What happens if there is a need to restore data e.g. in a DR scenario? How does the organisation prevent accidentally restoring 'forgotten' data?

    The new regulations also have a stricter definition of personally identifiable information I believe, where multiple pieces of information could potentially be pieced together to identify an individual.

    How about right to rectification? The new rules state this must be done within a maximum time of two months. When I worked for a large public sector body, it was often a challenge to comply with DPA subject access requests. It's more admin and paperwork.



      #12
      Originally posted by TheFaQQer
      I would suggest talking to Preterlex about it then - The GDPR - business, IT, and law in the privacy New World - PreterLex

      Implementation of GDPR will require complex business process / practice and software level changes - particularly any company where they process data overseas (even more so if it is outside the EU). If companies process data in certain countries where the local laws conflict with GDPR then they will need to stop that happening completely.

      I suspect that most companies will fall foul of the new laws because they don't understand what they have authority to do and what they don't.

      Companies will need to have a fundamental look at how they deal with data, how they will deal with it in the future, and how they will ensure that everyone understands that. Systems and processes will need to be reviewed to ensure that they have the appropriate levels of control, access, removal, and metadata about what can be shared and what can't and with whom.

      I had some experience of data protection projects when I worked for a big online retailer who was implementing a solution for their websites to comply with the then new EU 'Cookies Law' which was part of the Privacy and Electronic Communications Regulations.

      Compared to GDPR, it was a lot more straightforward but I spent more time on the project in a room with Legal Counsel than I did with the techies. Ironically, the UK was given an extra 12 month dispensation to comply with the new law, partly due to the perceived technical complexity. Interestingly, a lot of online retailers didn't implement a technical solution by the given date as everyone was waiting to see what their competitors were doing. We developed a fairly good technical solution but in the end didn't turn it on as we were able to get away with some more tactical changes.

      I suspect some organisations will be in trouble come early 2018 when they realise they have no hope of complying in time.

      It's going to be a good time to be a data protection specialist, that's for sure!



        #13
        Originally posted by edison
        I think the right to be forgotten or data erasure (under specific circumstances) could be one of the bigger impacts. Let's say I as an individual request this from an organisation. Presumably data held on me is stored in a backup somewhere. What happens if there is a need to restore data e.g. in a DR scenario? How does the organisation prevent accidentally restoring 'forgotten' data?

        The new regulations also have a stricter definition of personally identifiable information I believe, where multiple pieces of information could potentially be pieced together to identify an individual.

        How about right to rectification? The new rules state this must be done within a maximum time of two months. When I worked for a large public sector body, it was often a challenge to comply with DPA subject access requests. It's more admin and paperwork.
        If you want to feck a firm off, do a Data Subject Access Request.

        Oh and I just got a Delivery Manager role through for GDPR changes.

        Seems they are spamming anyone with "data protection" on their CV.
        "You’re just a bad memory who doesn’t know when to go away" JR



          #14
          Originally posted by SueEllen
          If you want to feck a firm off, do a Data Subject Access Request.

          Oh and I just got a Delivery Manager role through for GDPR changes.

          Seems they are spamming anyone with "data protection" on their CV.
          That's good news!

          However, do you think you will get much direction on what you are supposed to deliver, as it seems that is the mystery right now (outside of the usual existing DPA requirements)?



            #15
            I'm banking on GDPR keeping me in invoices for the next year at least. (As I work in Data Protection).

            qh
            He had a negative bluety on a quackhandle and was quadraspazzed on a lifeglug.

            I look forward to your all knowing and likely sarcastic and unhelpful reply.



              #16
              Originally posted by SueEllen
              If you want to feck a firm off, do a Data Subject Access Request.
              Today is day 38 since I submitted mine to Virgin Trains.

              Two days to go and they've not even acknowledged it yet.
              Best Forum Advisor 2014
              Work in the public sector? You can read my FAQ here
              Click here to get 15% off your first year's IPSE membership



                #17
                Originally posted by TheFaQQer
                Today is day 38 since I submitted mine to Virgin Trains.

                Two days to go and they've not even acknowledged it yet.
                Will you report them to the ICO if they don't respond?

                qh


                  #18
                  Originally posted by quackhandle
                  Will you report them to the ICO if they don't respond?

                  qh
                  Too right.


                    #19
                    Originally posted by quackhandle
                    I'm banking on GDPR keeping me in invoices for the next year at least. (As I work in Data Protection).

                    qh
                    I'm hoping the same - I start a new gig next week which will be mainly centred around GDPR!
