You will have to expand on that.
Either it is a common sense item that needs regulating, or it doesn't. Or is it ok for big business to comply and not small business?
Did ya? Are you glad you did??
- Thread starter Justin Passing
- Start date
- Status
You will have to expand on that.
Either it is a common sense item that needs regulating, or it doesn't. Or is it ok for big business to comply and not small business?
Sponsored Links
I woke up this morning, and before i did anything i read through all the new days rules and regulations. It is such a bind having to read all the new EU rules and instructions, makes my life so much harder.
Actually, I then woke up and realised, it was all in my head.
Typical attitude of people that clearly dont run businesses and dont have any idea how much red tape costs.
I suppose such people would like the world to be run by huge MNC
A concerning number of businesses are cutting back in other areas to get GDPR compliant.
Still, little more than half of respondents feel positive about the GDPR and the importance of personal data protection. And so do we or we wouldn’t be writing about it.
A concerning number of businesses are cutting back in other areas to get GDPR compliant.
But when it boils down to the impact of GDPR for small and medium businesses (not all of course, everyone has a different business), the preparations for GDPR, the consequences and impact of GDPR on how customers cut budgets (adding pressure on top of economic woes) and the consequences when data subjects start exercising the rights they have towards small and medium business under GDPR, in many cases simply will make victims, indeed maybe including us.
Just to give you an idea: the costs of taking GDPR trainings, seeking additional certifications in the scope of our work and drafting the needed processor contracts alone is equal to roundabout one month of our revenues. So, in the end we can be happy if we start making money in November. However, we were stopping our whining. The most scary thing of all: a lot of small and medium businesses we know have no idea what is really coming.
https://www.i-scoop.eu/gdpr/gdpr-small-medium-businesses/
And from another site:
Celebrating Office Birthdays
An individual’s date of birth is their own personal data. Under the GDPR, it cannot be shared without express consent by the individual. So it is worth checking that you have everyone’s permission to host a shared calendar of birthdays in the office.
Sending Greeting Cards
If you were planning to send holiday greeting cards to your customers, you might want to think twice. If the cards will include individuals’ home addresses, make sure to acquire consent of the individuals in advance. If you do not have express consent to contact each customer, a different legitimate basis must be established for each business communication you send. So, it may be for the courts to decide the business legitimacy of sending season’s greetings.
Sharing Baby Photos
Think carefully before sharing baby photos with international colleagues. Personal data can only be transferred internationally if the country has been designated by the EU as providing an adequate level of data protection or by complying with an approved certification mechanism such as the EU-US Privacy Shield. Of course, if the sharing of a baby photo is deemed a purely personal activity, then it can be argued to fall outside of the scope of the GDPR.
Catering for Allergies
Do you have colleagues with nut allergies? Or perhaps they have kosher or halal dietary requirements? Sorry to say but these are all classed as personal data. So, before you call a restaurant or caterer, make sure you have your colleague’s permission to share their personal information with others.
Sharing Resumes for a Second Opinion
Not sure about a potential candidate for a role in your organization? Keep in mind that a resume contains personal data before sharing it for a second opinion. Of course, you could argue that it would be reasonable to share a resume of an applicant with others in the company on a need-to-know basis. However, an easy way to get a second view of a resume is to make it anonymous, by removing the name, address, phone number and any other identifiable information. This is also becoming a growing trend among businesses as part of an approach to remove gender and race bias in recruitment.
Joining a Mailing List
Does your website registration form have a pre-ticked box for customers to receive marketing information from third parties? You might want to rethink that come May 25th. Under the GDPR, silence, pre-ticked boxes and inactivity will no longer suffice as consent. You may also want to read through your privacy terms online, as any request by a business for consent to use personal information must be intelligible and in clear, plain language.
Talking Politics at Work
Political opinions are part of a special category of personal information, and organizations cannot record or process data about this type of information. So, if you were planning a company webcast about a forthcoming election, it may be best practice for a speaker to preface any comments with the phrase “I expressly consent to share this information about my political opinions”.
Calling in Sick
Health information is also part of that special category of personal information. Therefore, if you need to call in sick one morning to address a medical condition, you can’t then return to your sickbed and hope that the message will be passed on unless you have expressly consented for that information to be shared with every person who needs to be told. Alternatively, an individual can personally share that information themselves.
Data Auditing
Under the GDPR, an organization needs to have a designated person responsible for data protection matters, and in some cases, a company may need to formally appoint a Data Protection Officer before carrying out any large-scale processing of personal data. The appointed individual would be responsible for raising awareness of data protection regulations in an organization, training staff and managing audits of data processes.
Managing Data Breaches
If your business suffers a data hack, you’ve got to think quickly about alerting people. Under the GDPR, if personal data is accidentally or unlawfully lost, destroyed, altered or damaged, it needs to be reported to the supervisory authority within 3 days. And it’s not just the relevant authority that needs to be notified, all individuals impacted need to be informed too if it is likely to result in financial loss, identity theft or fraud.
I did.
See above
heres a thought: who pays for this stuff? -who does it impact more? a company like Tescos that can employ somebody full time, or small business that probably has to take on a consult to deal with it.
Sponsored Links
Here is a little link from your source.
What is personal data for the General Data Protection Regulation?
If you read Article 4(1), the definition of personal data consists of several elements which all need to be present.
If we shorten the article a bit it states that personal data is any information relating to an identified or identifiable person;
It doesn't mean general information for a restaurant booking, unless you give away the full details of an allergic person to identify them at the booking stage.
I wonder which site notch found?
I'm shocked to learn that until he was warned against it, he was in the habit of giving restaurants the name and addresses of colleagues and their allergies or other medical history.
And that instead of advising colleagues "Joe is off sick for the next week" he used to say "Joe's anal fissure has burst, and he's oozing blood, pus and ****, so he won't be in for a week."
It's appalling that until he read the guidance, he wouldn't have alerted customers when their credit card numbers, name, address and password had been stolen by hackers.
Notch is obviously the sort of person who needs to be trained on personal privacy.
I wonder why JohnD conveniently address the cost to small business -its because he only wants large multinational corporations to succeed.
I wonder which businesses influence the EU more -those large businesses with money to blow on Lobbyists perhaps.
Too difficult for Notch to answer.
But seemingly, no, he doesn't want data protected except by large companies.
I wonder if he thinks safety regulations should apply to small companies.
- Joined
- 31 May 2016
- Messages
- 17,577
- Reaction score
- 2,672
- Country
why can we not have a debate. without :
1. assuming the other person is an idiot, because they disagree
2. name calling
3. exaggerating what someone said so that it sounds ridiculous
There are some very real downsides to GDPR and not a great deal of upside, given what was already in place. All that happened is a bunch of mediocre IT support 'experts' made some money running pointless projects and some expensive management consultants ran around scaring people.
I personally don't mind a bit of targeted advertising and my hashed attributes being sold, to fund free services that I enjoy.
1. assuming the other person is an idiot, because they disagree
2. name calling
3. exaggerating what someone said so that it sounds ridiculous
There are some very real downsides to GDPR and not a great deal of upside, given what was already in place. All that happened is a bunch of mediocre IT support 'experts' made some money running pointless projects and some expensive management consultants ran around scaring people.
I personally don't mind a bit of targeted advertising and my hashed attributes being sold, to fund free services that I enjoy.
- Joined
- 23 Nov 2018
- Messages
- 442
- Reaction score
- 15
- Country
The GDPR, as an EU issue is to harmonise and consolidate the good practices for all EU members. It is not pointless and Article 13 is not unworkable. But it does put the onus of responsibility on the provider of social media rather then the individuals using that social media. They are far from SME's. Most are global multinational platforms.
Some EU members had little data protection legislation in place. Others had well thought-out legislation already operating.
Illicit and illegal data gathering goes way beyond mere targeted advertising or the selling of individuals attributes.
As I thought JohnD only wants large multinational companies to exist. He doesnt run a small business so he isn't interested in the cost and time implication and its too difficult for him to answer.
Nippledong seems to think the regulations don't apply to SME's
GDPR myths seem to be in the news. Is it coming from an anti-EU propaganda source?
has Buffoon changed his name?
https://blogs.ec.europa.eu/ECintheU...christmas-wish-lists-in-bavaria-or-elsewhere/
has Buffoon changed his name?
https://blogs.ec.europa.eu/ECintheU...christmas-wish-lists-in-bavaria-or-elsewhere/
Yes its because its a complicated law, people are confused. It would explain why smal, companies are having yo send staff on GDPR training.
Does the company get get reimbursed by the EU for the training cost and loss of work time?
Before GDPR, was there constant news about terrible data breaches by SMEs
- Status
Sponsored Links
Similar threads
- Poll
- Bodd
- General Discussion
