GDPR - anyone working in this area?

Didn't FB famously do this with Whatsapp where not doing whatever they were meant to do was worth more to them than the €110 million they got fined..

The flip side would be that some small businesses (and big ones of course, it's not just an SMB thing) simply don't give a st but think that because they're a small business they can get away with it.

They can't any more which has to be a good thing for their customers.

It's 2018 and certain kinds of st don't fly any more.

TinRobot has taken the time and trouble to explain it much better than I could

I had an email from a small business today notifying me they had a new privacy policy.

They had all 1200 email in the TO field.

I phoned them to tell them but the bloke already knew and said the M.D. had reported himself to the ICO and gone home early. (Yeah right)

Couple hours late the Reply All complaints started rolling in. Yay!

Utterly priceless! I'm pinching that one too!!

As TinRobot says, you wouldn't believe how poorly resourced & appreciated the IT in a Company is - until it goes down. Then all hell breaks loose. Perhaps if they hadn't been running their chairs over the network cables they'd have better luck...

The reluctance to spend only a few hundred quid on a NAS & some Cloud backup in even the smallest business is startling. I moderate a base level cyber security assessment for SMEs and the amount that try to wing it and then argue that a particular question should have an exception is significant. (In this cert, there's no real scope for compensating controls, it's cut & dried(ish) ).

My pet peeve. Un-Encrypted USB sticks with personal data on that are allowed to leave the office with no controls and too many small businesses wanting to run all their users as admin 'because it's easier'.

Yes - hope all is well TR.

Issues like GDPR pale when confronted with genuine human concerns.

If a business cannot afford to meet the regulations without going on additional courses, employing extra staff or buying extra software/systems, then how is that a 'good thing' for their customers - who at best will end up paying for it, and at worst will find the business closes down?

I got my first email address over 25 years ago, and have had dozens of corporate and private addresses since then, as well as being signed up to just about every mainstream messaging/chat/document share system on the planet. I've used all of the well known social media sites both for work and private life. Not only have I been banking online for years, I *wrote* one of the first UK online banking sites.

In all that time, I've been inconvenienced by the sort of stuff GDPR is meant to protect me against... well to be honest, I can't think of a time when I have. With the exception of spam email (which GDPR doesn't stop, but Spam filters on the whole do), people exchanging information about me online has not harmed me or cost me anything. In fact, I get adverts that tend to show me the stuff that I want to see, rather than generic crap about My Little Pony or Dentures (neither of which I want).

So let's be clear about this. Parts of GDPR are important - notification of data breaches, and clear indications of opt-in and unsubscribe actions. However, if you're even vaguely digital savvy (which you should be if you shop/share/publish online), GDPR should have very little effect on your daily life. The question yet to be resolved is how much cost it imposes in practise on small businesses running on slim margins.

Something aposite from The Register: https://www.theregister.co.uk/2018/06/08/in_defenc...

I would appreciate a view from those who are more familiar with GDPR.

I bought an item from an Amazon marketplace seller for delivery to my work address. I didn't know the company I work for also buy directly from them. I was speaking to a colleague who deals with deliveries, etc and they asked me specifically about the item I had ordered.

I was surprised to say the least but it seems the seller I purchased from recognised the delivery address put 2 and 2 together and came up with the company must be buying through Amazon. The delivery turns up with the company name and telephone number on.

Apparently the linking of my personal order to the company is a no no under GDPR, the question is do I need to do anything about this even if it is trying to unlink my personal order from the company in the Amazon sellers systems?