GDPR - anyone working in this area?
Discussion
DELETED: Comment made by a member who's account has been deleted.
Trustpilot has that additional information though. It has the email address of the user. As I am sure you are aware dynamic IPs aren't actually that dynamic for ADSL and FTTP. My parents ADSL has had the same IP address for over a year. So in a lot of cases an individual can be identified by a dynamic IP. plasticpig said:
DELETED: Comment made by a member who's account has been deleted.
Trustpilot has that additional information though. It has the email address of the user. As I am sure you are aware dynamic IPs aren't actually that dynamic for ADSL and FTTP. My parents ADSL has had the same IP address for over a year. So in a lot of cases an individual can be identified by a dynamic IP. Theoretcally if only one of them had an account with Trustpilot it would be. If the IP can be uniquely linked to accessing one account then for the purposes of that website it's PI.
Then you have the situation of people living alone who have a fixed IP address.
An IP address has the potential of being PI. This one of the issues I have with the whole GDPR thing. There are some classes of data that in the vast majority of cases will not be PI but there are cases which it is.
An example of this is postcodes. Most postcodes define a group of properties so by itself it's not PI. However there are cases where a postcode is unique to a property. If a single individual lives at that property then the postcode can be used to identify them.
Then you have the situation of people living alone who have a fixed IP address.
An IP address has the potential of being PI. This one of the issues I have with the whole GDPR thing. There are some classes of data that in the vast majority of cases will not be PI but there are cases which it is.
An example of this is postcodes. Most postcodes define a group of properties so by itself it's not PI. However there are cases where a postcode is unique to a property. If a single individual lives at that property then the postcode can be used to identify them.
Regarding IP addresses, we've been instructed to hash the last part of the IP address for Google Analytics and internal logs:
https://support.google.com/analytics/answer/276305...
It removes track back to a single data subject but retains market information.
https://support.google.com/analytics/answer/276305...
It removes track back to a single data subject but retains market information.
Count me as one of the confused.
I asked about paper records earlier this morning. This is because I hold some names on file. I have no other contact details for them, just their name and their relationship to a member of a pension scheme.
Having had a very quick look at the changes, it appears I require their consent to hold their name. But how do I get that when all l have is their name?
I asked about paper records earlier this morning. This is because I hold some names on file. I have no other contact details for them, just their name and their relationship to a member of a pension scheme.
Having had a very quick look at the changes, it appears I require their consent to hold their name. But how do I get that when all l have is their name?
PurpleMoonlight said:
Count me as one of the confused.
I asked about paper records earlier this morning. This is because I hold some names on file. I have no other contact details for them, just their name and their relationship to a member of a pension scheme.
Having had a very quick look at the changes, it appears I require their consent to hold their name. But how do I get that when all l have is their name?
If you have a legitimate reason to hold those names .i.e. your business can’t function without them, or you can’t fulfill the contract you have been given, then you are ok. Are they the names of people the pension would pass to for instance. That would be reasonable.I asked about paper records earlier this morning. This is because I hold some names on file. I have no other contact details for them, just their name and their relationship to a member of a pension scheme.
Having had a very quick look at the changes, it appears I require their consent to hold their name. But how do I get that when all l have is their name?
If however you are just holding them for some random reason lost in the mists of time and haven’t looked at them for ten years, it would suggest you don’t really need them.
RicksAlfas said:
If you have a legitimate reason to hold those names .i.e. your business can’t function without them, or you can’t fulfill the contract you have been given, then you are ok. Are they the names of people the pension would pass to for instance. That would be reasonable.
If however you are just holding them for some random reason lost in the mists of time and haven’t looked at them for ten years, it would suggest you don’t really need them.
That's good then, ta.If however you are just holding them for some random reason lost in the mists of time and haven’t looked at them for ten years, it would suggest you don’t really need them.
Whilst the concept is simple, the consequences head towards the unintended at times.
I can understand the desire to 'protect the people', but data and services offered freely on the basis of that data collection are so deeply intertwined with our daily lives that unwinding them is a pain.
The consent example above leaves me wondering how Facebook can offer a service as (as far as I'm aware) it is absolutely impossible to use Facebook without some data leakage - so you cannot practically regard consent as being freely given. In fact the vast majority of apps in the App stores are free, but wish to serve personalised ads or collect user data in return for the service. Should there be a grand clear out?
In another forum there's a discussion about whether street photography constitutes the collection of personally identifiable information.
I'm sure it'll settle down, but perhaps having a 'big bang' introduction has not been well thought out.
I can understand the desire to 'protect the people', but data and services offered freely on the basis of that data collection are so deeply intertwined with our daily lives that unwinding them is a pain.
The consent example above leaves me wondering how Facebook can offer a service as (as far as I'm aware) it is absolutely impossible to use Facebook without some data leakage - so you cannot practically regard consent as being freely given. In fact the vast majority of apps in the App stores are free, but wish to serve personalised ads or collect user data in return for the service. Should there be a grand clear out?
In another forum there's a discussion about whether street photography constitutes the collection of personally identifiable information.
I'm sure it'll settle down, but perhaps having a 'big bang' introduction has not been well thought out.
"If you have a legitimate reason to hold those names .i.e. your business can’t function without them, or you can’t fulfill the contract you have been given, then you are ok".
That is where the bulk of legal issues will arise. Many businesses will use this excuse as their defence if they get hauled up before the beak.
That is where the bulk of legal issues will arise. Many businesses will use this excuse as their defence if they get hauled up before the beak.
Eric Mc said:
"If you have a legitimate reason to hold those names .i.e. your business can’t function without them, or you can’t fulfill the contract you have been given, then you are ok".
That is where the bulk of legal issues will arise. Many businesses will use this excuse as their defence if they get hauled up before the beak.
I could be wrong, but I don't anticipate this being a problem - as long as you don't do anything daft. That is where the bulk of legal issues will arise. Many businesses will use this excuse as their defence if they get hauled up before the beak.
In your business, if you started marketing to names given to you to run payroll, then expect to be spanked. But you would never do that, so it's not an issue.
I wish it was all so simple. We shall see how this legislation works out. It could end up being much the same as so many pieces of legislation - unworkable and unused.
It will be interesting to see if all the spam e-mails and junk mail and cold calls suddenly stop at midnight on May 25.
It will be interesting to see if all the spam e-mails and junk mail and cold calls suddenly stop at midnight on May 25.
Gassing Station | Business | Top of Page | What's New | My Stuff