GDPR - anyone working in this area?
Discussion
Hoofy said:
Wow. It almost becomes a business tax or at least a cost of running the business rather than a fine or risk.
I'd say information governance is just a cost of running a business these days.
If you have any sort of IT presence you don't need to pay anyone a penny to simply ask "Do I patch?" and "Do I do sensible things around passwords?".
If you have staff you don't need to pay anyone a penny to think "Are my staff aware of this?" and if not, to do something basic to ensure that they are.
If you're storing stuff on external hard drives and USB sticks you shouldn't need to pay anyone to tell you they should be encrypted unless you've got a really good reason not to.
Not "you" personally of course
bhstewie said:
I'd say information governance is just a cost of running a business these days.
If you have any sort of IT presence you don't need to pay anyone a penny to simply ask "Do I patch?" and "Do I do sensible things around passwords?".
If you have staff you don't need to pay anyone a penny to think "Are my staff aware of this?" and if not, to do something basic to ensure that they are.
Years ago even for a smallish company you could have someone who was basically a book-keeper and they would also take care of what is now called 'Operations'. That's not feasible these days - the range and depth of things they'd need to cover is too great.
Authorities seem to dislike small businesses.
Sheepshanks said:
Years ago even for a smallish company you could have someone who was basically a book-keeper and they would also take care of what is now called 'Operations'. That's not feasible these days - the range and depth of things they'd need to cover is too great.
Authorities seem to dislike small businesses.
The flip side would be that some small businesses (and big ones of course, it's not just an SMB thing) simply don't give a st but think that because they're a small business they can get away with it.
They can't any more which has to be a good thing for their customers.
It's 2018 and certain kinds of st don't fly any more.
TinRobot has taken the time and trouble to explain it much better than I could
okgo said:
Hoofy said:
Wow. It almost becomes a business tax or at least a cost of running the business rather than a fine or risk.
Didn't FB famously do this with WhatsApp where not doing whatever they were meant to do was worth more to them than the €110 million they got fined..
I had an email from a small business today notifying me they had a new privacy policy.
They had all 1200 emails in the TO field.
I phoned them to tell them but the bloke already knew and said the M.D. had reported himself to the ICO and gone home early. (Yeah right)
Couple hours later the Reply All complaints started rolling in. Yay!
ashleyman said:
I had an email from a small business today notifying me they had a new privacy policy.
They had all 1200 emails in the TO field.
I phoned them to tell them but the bloke already knew and said the M.D. had reported himself to the ICO and gone home early. (Yeah right)
Couple hours later the Reply All complaints started rolling in. Yay!
HMRC did similar to me earlier this year. They used the CC field instead of BCC.
You would think an organisation as big as HMRC would know to use a list server for this sort of thing; but apparently not.
DELETED: Comment made by a member whose account has been deleted.
Well that's the IT bit - but I meant life in general for small companies. It's not so much having to comply with all sorts of 'red tape' but the complexity of learning about ever changing regulations and trying to stay on top of things. And they've whacked the tax up on our dividends!
ashleyman said:
I had an email from a small business today notifying me they had a new privacy policy.
They had all 1200 emails in the TO field.
I phoned them to tell them but the bloke already knew and said the M.D. had reported himself to the ICO and gone home early. (Yeah right)
Couple hours later the Reply All complaints started rolling in. Yay!
Utterly priceless! I'm pinching that one too!!
As TinRobot says, you wouldn't believe how poorly resourced & appreciated the IT in a Company is - until it goes down. Then all hell breaks loose. Perhaps if they hadn't been running their chairs over the network cables they'd have better luck...
The reluctance to spend only a few hundred quid on a NAS & some Cloud backup in even the smallest business is startling. I moderate a base level cyber security assessment for SMEs and the amount that try to wing it and then argue that a particular question should have an exception is significant. (In this cert, there's no real scope for compensating controls, it's cut & dried(ish) ).
My pet peeve. Un-Encrypted USB sticks with personal data on that are allowed to leave the office with no controls and too many small businesses wanting to run all their users as admin 'because it's easier'.
bhstewie said:
The flip side would be that some small businesses (and big ones of course, it's not just an SMB thing) simply don't give a st but think that because they're a small business they can get away with it.
They can't any more which has to be a good thing for their customers.
If a business cannot afford to meet the regulations without going on additional courses, employing extra staff or buying extra software/systems, then how is that a 'good thing' for their customers - who at best will end up paying for it, and at worst will find the business closes down?
I got my first email address over 25 years ago, and have had dozens of corporate and private addresses since then, as well as being signed up to just about every mainstream messaging/chat/document share system on the planet. I've used all of the well known social media sites both for work and private life. Not only have I been banking online for years, I *wrote* one of the first UK online banking sites.
In all that time, I've been inconvenienced by the sort of stuff GDPR is meant to protect me against... well to be honest, I can't think of a time when I have. With the exception of spam email (which GDPR doesn't stop, but Spam filters on the whole do), people exchanging information about me online has not harmed me or cost me anything. In fact, I get adverts that tend to show me the stuff that I want to see, rather than generic crap about My Little Pony or Dentures (neither of which I want).
So let's be clear about this. Parts of GDPR are important - notification of data breaches, and clear indications of opt-in and unsubscribe actions. However, if you're even vaguely digital savvy (which you should be if you shop/share/publish online), GDPR should have very little effect on your daily life. The question yet to be resolved is how much cost it imposes in practice on small businesses running on slim margins.
Something apposite from The Register: https://www.theregister.co.uk/2018/06/08/in_defenc...
Dabs said:
This stuff has to be paid for somehow, and if you won't hand over your money, it'll get funded by sponsorship and advertising. Except that you've decided that you won't put up with sponsorship and advertising either, and have put ad blockers in place to prevent them from appearing.
TheRainMaker said:
Complaint gone into the ICO about the ICO, total incompetent shower of s*^t.
Let us see if that finally gets a response from them, all we want to do is give them money
Over a month now to try and get DD payment details, no response from email, phones just ring and ring.
HAHAHA yeah I'd like to complain to the ICO, about the ICO and their utter lack of real guidance from SMEs or even awareness.
and for taking me away from making money to devise some bureaucratic policy that no one will ever read
I would appreciate a view from those who are more familiar with GDPR.
I bought an item from an Amazon marketplace seller for delivery to my work address. I didn't know the company I work for also buy directly from them. I was speaking to a colleague who deals with deliveries, etc and they asked me specifically about the item I had ordered.
I was surprised to say the least but it seems the seller I purchased from recognised the delivery address, put 2 and 2 together and came up with the company must be buying through Amazon. The delivery turns up with the company name and telephone number on.
Apparently the linking of my personal order to the company is a no-no under GDPR, the question is do I need to do anything about this even if it is trying to unlink my personal order from the company in the Amazon seller's systems?
Dixons Carphone hack: Millions of customers' details stolen in huge cyber attack - The Independent
They've fallen short in their data security according to their MD.
Is this the first big breach since May D/L? Will they get hammered by ICO?
I wonder whether they’d updated their privacy policy....