GDPR question - as an end user not someone holding the data.
Discussion
This past 2 months or so, I have been receiving emails about GDPR.
A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
TonyRPH said:
This past 2 months or so, I have been receiving emails about GDPR.
A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
If they can satisfy one of the 6 lawful bases for processing, then they don't have to delete the data. Consent is only one of the 6.A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
Article 6 (1) refers to this.
https://gdpr-info.eu/art-6-gdpr/
https://ico.org.uk/for-organisations/guide-to-the-...
This will tie in with the UK Gov's Data Protection Bill (when it gets signed off in the Houses).
This morning I have gone through several emails and contacted the relevant parties requesting data removal.
It will be interesting to see if my requests meet with compliance, and even more interesting to see how much spam I get in the future.
Interestingly, one email did contain this paragraph:
So is it as I thought, and they cannot retain my information without my consent?
I've read through the links provided above by 'acd80', but couldn't seem to answer my own question....
It will be interesting to see if my requests meet with compliance, and even more interesting to see how much spam I get in the future.
Interestingly, one email did contain this paragraph:
email said:
At some point in the past you registered interest with the <agency>, I hope that we were able to help you during that period and that your career in IT has been fruitful. With the advent of GDPR we are henceforth unable to retain your personal details without your consent so your records will be deleted in the next few weeks.
So is this correct?So is it as I thought, and they cannot retain my information without my consent?
I've read through the links provided above by 'acd80', but couldn't seem to answer my own question....
As already stated, consent is only one of the legal justifications for processing your data. I'm convinced that many people are just covering themselves by asking that you consent (or re-consent).
You have probably had a few just informing you that they have updated their privacy policy - where they are happy they already have your consent, or they don't think they need it. They agency in the example don't seem to be very clear how they came by your information in the first place so are aiming to cover themselves because they are not sure they have a legal basis for the processing.
You have probably had a few just informing you that they have updated their privacy policy - where they are happy they already have your consent, or they don't think they need it. They agency in the example don't seem to be very clear how they came by your information in the first place so are aiming to cover themselves because they are not sure they have a legal basis for the processing.
TonyRPH said:
This past 2 months or so, I have been receiving emails about GDPR.
A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
No.A couple of questions:
Do companies have to remove my data by default?
Some of the emails contain an unsubscribe link, but the cynical side of me is viewing this as phishing.
So, do I need to request removal, or should they just 'forget' me by default? (I was under the impression it was the latter.)
TIA.
The reality is - most companies won't.
They know the ICO won't be knocking on their door to check.
Corso Marche said:
Without starting a new thread, does GDPR impact employers in any way? I've a previous employer who has many details of mine (including passport copies) and quite frankly I'm not at ease at all with their data security.
Yes. They have all the same responsibilites to secure and process this data in line with the legislation. They may have a need to retain some level of data for legal/tax recording reasons, but the rest (like passports) they have no legitimate reason to retain and should delete it - you can request that they do this and they must comply.A decent summary - last paragraph in particular:
https://www.xperthr.co.uk/faq/does-the-general-dat...
Well, I've kept a record of all the data removal requests I've made - so if I hear from any of them again any time soon, I'll report them.
I've been getting emails from recruitment agencies I've never heard of (and *never* had any dealings with) so it's quite clear that my data has been passed around without my consent, something which I take quite seriously.
In fact it's recruitment agencies that I've had the biggest problem with, but that's a new topic entirely...
I've been getting emails from recruitment agencies I've never heard of (and *never* had any dealings with) so it's quite clear that my data has been passed around without my consent, something which I take quite seriously.
In fact it's recruitment agencies that I've had the biggest problem with, but that's a new topic entirely...
P924 said:
TonyRPH said:
Well, I've kept a record of all the data removal requests I've made - so if I hear from any of them again any time soon, I'll report them.
But how will they know they've contacted you before?Not to mention other emails (random mailshots) sent by them (those that have previously made contact) over time.
P924 said:
Sorry, being a little obtuse, was talking to a consultant about this, and he said, don't request delete of your details, as then they'll just keep contacting you, having no record of the earlier deletion.
Ok no worries.My initial reaction was to ignore all the updates and not request deletion, but as I run and manage my own mail servers and have unlimited email addresses at my disposal, if the unsolicited email becomes a problem I'll just block them*.
Of course that won't prevent them retaining my data, but from the CVs I've seen - much of it is very, very outdated so I'm not too bothered.
From my perspective, this has also turned into a bit of an experiment just to see how they respond as well.
- I have in fact previously set up a rather nasty rule to send their email back to them 5 times over for fun :P
ging84 said:
Great move
At best that is harmful to your deliverability, at worst it is a crime.
you think it actually has any impact on anyone else?
Not really a great move.At best that is harmful to your deliverability, at worst it is a crime.
you think it actually has any impact on anyone else?
Sending me unsolicited email is also a crime, although 'two wrongs don't make a right' as my old mum used to say.
I doubt very much if it had an impact on anybody.
As for deliverability rating, I did it once and realised it was probably a bit pointless, but it gave me 5 minutes of satisfaction.
Like I said above I just block them now and if they're persistent enough report them to blacklists.
P924 said:
Sorry, being a little obtuse, was talking to a consultant about this, and he said, don't request delete of your details, as then they'll just keep contacting you, having no record of the earlier deletion.
This was discussed earlier in the main GDPR thread and even though your data has been deleted firms are still supposed to screen against 'do not mail' lists - an IT person in the thread said it can be done easily using hashed data.Sheepshanks said:
P924 said:
Sorry, being a little obtuse, was talking to a consultant about this, and he said, don't request delete of your details, as then they'll just keep contacting you, having no record of the earlier deletion.
This was discussed earlier in the main GDPR thread and even though your data has been deleted firms are still supposed to screen against 'do not mail' lists - an IT person in the thread said it can be done easily using hashed data.Even "do not mail" lists - the whole concept shouldn't be needed. If you haven't gathered individual specific consent to keep/process personal data you shouldn't be sending it mail, so the list is not needed. If you have gathered consent the precise details of what/when that consent is forms your effective list - there should be no concept of gathering email addresses which would be needed to be compared against a list of this time.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff