Originally posted by tarbera
View Post
-
Not unless they provide a line-by-line breakdown of why it's wrong, which I can forward to the ICO
-
lol
My original Reply standsOriginally posted by CornishYarg View Post
I have just shown this thread to my highly trained £1.5K/day team of GDPR Lawyers
They have asked If they can have your consent to use in a upcoming "Funny" section of an upcoming GDPR Conference? - PM me pleaseLeave a comment:
-
Rather than ring the ICO helpline I suggest you talk to the client's Data Controller.Originally posted by CornishYarg View Post
Being a distinct legal entity shouldn't make you responsible IMO unless you were taking the data off-site to process on your own systems (I assume you're using client's systems and processes).
IANAL
EDIT: I still don't think it has a bearing on RoS.Leave a comment:
-
Sure. But if I need to contract someone to fulfill the substitution, and 'data processor'ing is involved, then the GDPR touches on it.Originally posted by Lance View Post
The doubt came about after calling the ICO's helpline. My company has access to personal data to fulfil tasks for clients (analyse logs, copy data between databases etc), and because I am not an employee of the client but a distinct legal entity, their "it sounds like..." was that I would fall as a data processor, complete with the need for processing agreements with each client.You're almost certainly not the 'data processor' for your client in either GDPR or DPA terms.
Not heard that one before, so posting here.
I really hope so, because both on the 'data processor' front and 'substitution', it'll be a PITA if notyou're barking up the wrong tree with the wrong of the stick, and had someone's eye out with a papercut (they hurt).Leave a comment:
-
Just to be clear, since it's not certain that you are:
Sub-contracting - you hire someone to do part or all of the work required by your contract under a separate commercial agreement between YourCo and TheirCo.
Substitution - you hire someone to work under the terms of YourCo's existing contract and you (presumably) take a portion of their fees. They can be contractors in their own right or (probably not such a good idea) an employee of yours.
Neither has any obvious impact on GDPR but I'm no expert on that side of it.Leave a comment:
-
It went through an IPSE review.Originally posted by northernladuk View Post
You've got what I meant totally the wrong way round. I'm saying I'm on the hook, operating as an external company providing services, and I don't get the objection of many clients to my company subcontracting work.You are joking right? Your company has a contract to which you are sent in on their behalf. You can't do it so your company sends in another substitute and you have no idea why you'd still be on the hook?
Great - look forward to you unpacking that.Reading the rest of the post I can't help thinking you don't really understand the relationships between you and your company, your company and your client, your client and you.
Did that before posting here. I'm not stupid, I don't set myself up for ridicule except as a last resort. This was one: https://forums.contractoruk.com/publ...ml#post2386687Look up the definition of subcontract and substitution and see if you can answer that question.
But given I'd have to subcontract to substitute, the two are entwined.Leave a comment:
-
RoS is a contractual term that has nothing to do with GDPR.Originally posted by CornishYarg View PostMy contracts have a Right of Substitution clause which I've never used. I've been looking at how it would work under GDPR - and found I don't understand how it works under current laws
You're almost certainly not the 'data processor' for your client in either GDPR or DPA terms.Originally posted by CornishYarg View Post
you're barking up the wrong tree with the wrong of the stick, and had someone's eye out with a papercut (they hurt).Originally posted by CornishYarg View PostLeave a comment:
-
Did you have your contract checked by an IR35 specialist? RoS is one of the three major pillars for an outside IR35 status. If they can refuse for no reason it's a fail on that point.So far so good. But generally my contracts say no subcontracting without the client's approval. Usually it's an emotive subject for them -
You are joking right? Your company has a contract to which you are sent in on their behalf. You can't do it so your company sends in another substitute and you have no idea why you'd still be on the hook?given I'd still be on the hook for quality and delivery, not sure why.
Reading the rest of the post I can't help thinking you don't really understand the relationships between you and your company, your company and your client, your client and you. Lot of odd questions being asked.
Look up the definition of subcontract and substitution and see if you can answer that question.Q1: Is substituting different to subcontracting the work?Leave a comment:
-
GDPR
GDPR has same inpact on your right of substitution as the following lawsOriginally posted by CornishYarg View Post
First law: A robot may not harm a human being, or, through inaction, allow a human being to come to harm.
Second law: A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
Third law: A robot must protect its own existence, as long as such protection does not conflict with the First or Second Law.Leave a comment:
-
IR35, right of substitution vs subcontracting, and the GDPR
My contracts have a Right of Substitution clause which I've never used. I've been looking at how it would work under GDPR - and found I don't understand how it works under current laws
As often found in IT there's just me as the fee-earner in my company. If I had to substitute someone for me (for holiday or illness cover) I'd need to contract the work to someone I trusted - I can't tell Bob at the desk next to mine to do it.
So far so good. But generally my contracts say no subcontracting without the client's approval. Usually it's an emotive subject for them - given I'd still be on the hook for quality and delivery, not sure why. I digress.
Q1: Is substituting different to subcontracting the work?
This is a pressing question because of Article 28(2) of the GDPR. Due to the information I see on their systems, I am a data processor for my clients (the data controller).
Article 28(2) says
Because there's only me, substituting would mean subcontracting out the work, which would be engaging another processor, which requires the written authorisation of the controller."The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes."
Which I read as invoking the "prior, written approval" problem for substitution.
Q2: Does the GDPR impact on the Right of Substitution?
In all of this I don't know what the current situation is under the Data Protection Act 1998 (DPA) re substitution and I haven't been able to find out. Ditto for subcontracting, though I've seen (and done) subcontracting without a thought other than to ensure the subcontractor has signed an NDA/knows what's confidential/takes good care of any personal data.
Would like to know, though.
Leave a comment: