GDPR - anyone working in this area?
Discussion
Sheepshanks said:
DoubleSix said:
I occasionally give seminars.
At the end I hand out feedback forms where individuals write their contact details if they would like to discuss their personal situation in more detail. This information is only uploaded to a database if the individual becomes a client otherwise the form will end up in the shredder.
I’ve done some digging but am still not 100% what sort of action I need to take.
Anyone perhaps have some insight?
Many thanks
What the context?At the end I hand out feedback forms where individuals write their contact details if they would like to discuss their personal situation in more detail. This information is only uploaded to a database if the individual becomes a client otherwise the form will end up in the shredder.
I’ve done some digging but am still not 100% what sort of action I need to take.
Anyone perhaps have some insight?
Many thanks
PurpleMoonlight said:
I note some are using the previously opted in so we have left you in but you can opt out route.
Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
Yes, it's this sort of thing that will get people in trouble if they cannot 100% prove that you actually opted in.Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
From reading one post just above, it seems that big companies are very confident that they've got proof of opt-in!
PurpleMoonlight said:
I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
As an eBay seller of collectibles, in the vast majority of cases we have no direct contact with the buyer. In a straightforward transaction, they win the item, pay by PayPal and we despatch the item(s) to them. We keep their details for accounting purposes and in case they turn "rogue", when we will want to see their history and consider blocking them from future purchases. Maybe once or twice a year we might send out an email to selected subsets to highlight items we have which they might be interested in. I think in future if we do that it will only be for buyers outside the EU.PurpleMoonlight said:
I note some are using the previously opted in so we have left you in but you can opt out route.
Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
They can use legitimate interest as their basis for mailing you. Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
GDPR said:
The processing of personal data for direct marketing may be regarded as carried out for a legitimate interest
gothatway said:
As an eBay seller of collectibles, in the vast majority of cases we have no direct contact with the buyer. In a straightforward transaction, they win the item, pay by PayPal and we despatch the item(s) to them. We keep their details for accounting purposes and in case they turn "rogue", when we will want to see their history and consider blocking them from future purchases. Maybe once or twice a year we might send out an email to selected subsets to highlight items we have which they might be interested in. I think in future if we do that it will only be for buyers outside the EU.
Buyers outside the EU have the same rights under GDPR as EU citizens if the data processor is located in the EU then they have the same protections.GDPR said:
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
plasticpig said:
PurpleMoonlight said:
I note some are using the previously opted in so we have left you in but you can opt out route.
Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
They can use legitimate interest as their basis for mailing you. Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
GDPR said:
The processing of personal data for direct marketing may be regarded as carried out for a legitimate interest
PurpleMoonlight said:
plasticpig said:
PurpleMoonlight said:
I note some are using the previously opted in so we have left you in but you can opt out route.
Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
They can use legitimate interest as their basis for mailing you. Trouble is I never opted in. I purchased something from them via Ebay and they added me to their mailing list as a result without my agreement.
GDPR said:
The processing of personal data for direct marketing may be regarded as carried out for a legitimate interest
The problem comes when you need a lawyer to defend you. Legitimate case to me is someone emailed an enquiry to you but didn't sign up for a newsletter. You are legitimately allowed to reply to that email. Signing up to a newsletter to me isn't legitimate. They didn't legitimately sign up for that st.
plasticpig said:
Buyers outside the EU have the same rights under GDPR as EU citizens if the data processor is located in the EU then they have the same protections.
How would they exercise those rights - complain to the ICO in the UK ?GDPR said:
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
I'm still getting a bit of Spam... Often from people I don't recognise as having ever given prior consent to or have asked for a recent opt-in, or even sent a n update to their Privacy Policy. They do however have an unsubscribe.
Are these people breaking the law now?
Should I report them?
Where do I report them? Does the ICO have a nice form on their website?
Generally people - have we noticed a decrease in SPAM as yet? My inbox is full of opt in requests, PP updates and normal spam from companies who don't seem bothered by the whole thing. To say everyone is confused is an understatement. I've even had some physical mail this week requesting an Opt In from a Volvo garage that I took my Dads car too.
Are these people breaking the law now?
Should I report them?
Where do I report them? Does the ICO have a nice form on their website?
Generally people - have we noticed a decrease in SPAM as yet? My inbox is full of opt in requests, PP updates and normal spam from companies who don't seem bothered by the whole thing. To say everyone is confused is an understatement. I've even had some physical mail this week requesting an Opt In from a Volvo garage that I took my Dads car too.
jonamv8 said:
I'm still getting a bit of Spam... Often from people I don't recognise as having ever given prior consent to or have asked for a recent opt-in, or even sent a n update to their Privacy Policy. They do however have an unsubscribe.
Are these people breaking the law now?
Should I report them?
Where do I report them? Does the ICO have a nice form on their website?
Generally people - have we noticed a decrease in SPAM as yet? My inbox is full of opt in requests, PP updates and normal spam from companies who don't seem bothered by the whole thing. To say everyone is confused is an understatement. I've even had some physical mail this week requesting an Opt In from a Volvo garage that I took my Dads car too.
DELETED: Comment made by a member who's account has been deleted.Are these people breaking the law now?
Should I report them?
Where do I report them? Does the ICO have a nice form on their website?
Generally people - have we noticed a decrease in SPAM as yet? My inbox is full of opt in requests, PP updates and normal spam from companies who don't seem bothered by the whole thing. To say everyone is confused is an understatement. I've even had some physical mail this week requesting an Opt In from a Volvo garage that I took my Dads car too.
On a seperate note anyone who has engaged with our business in anyway can be contacted under legitimate interest?
Tuna said:
DELETED: Comment made by a member who's account has been deleted.
The current government are remarkably authoritarian in that respect, and not in a good way.As far as GDPR goes I believe the DPA 2018 just fills in the gaps that are to be filled in at a local (UK )level.
Right, I think I've got how this all fits together.
As you say, GDPR is the underlying framework. Then you have PECR that all organisations have to comply with (B2B or B2C), then you have the DPA which is additional stuff you have to comply with if you are processing personal data (B2C).
At least that's how this page on the ICO website seems to set it out: https://ico.org.uk/for-organisations/guide-to-pecr...
As you say, GDPR is the underlying framework. Then you have PECR that all organisations have to comply with (B2B or B2C), then you have the DPA which is additional stuff you have to comply with if you are processing personal data (B2C).
At least that's how this page on the ICO website seems to set it out: https://ico.org.uk/for-organisations/guide-to-pecr...
How about this as a query.
A member of an occupational pension scheme (OPS) is looking to transfer in their benefits in an insured personal pension (PP).
The insurance company are demanding a letter from the OPS's bank confirming the signatories to the account and the Mandate provisions. There are more signatories than just the one member transferring his PP.
Would this be a breach of GDPR to me.
I have put it to the bank to see what they think.
A member of an occupational pension scheme (OPS) is looking to transfer in their benefits in an insured personal pension (PP).
The insurance company are demanding a letter from the OPS's bank confirming the signatories to the account and the Mandate provisions. There are more signatories than just the one member transferring his PP.
Would this be a breach of GDPR to me.
I have put it to the bank to see what they think.
Gassing Station | Business | Top of Page | What's New | My Stuff