GDPR (niche thread)

Icarus-Smicarus · 2018-05-09T19:06:36.464Z

We were told we had to some online training about it. Went onto it and it was just a quiz of 5 questions. Got 4 right and that was it.

In short I haven’t learned anything about GDPR.

GEOFF · 2018-05-11T11:18:40.487Z

It’s finally here guys!!

ico.org.uk

consent-1-0.pdf

748.55 KB

the-breacher · 2018-05-11T12:14:27.788Z

I’ve been training my whole global Customer Care department on how GDPR will affect us.
Have spent months researching, building and delivering this training. Then with no warning someone somewhere sent an email to our entire customer base titled “*** GDPR TEST ***”, linking to an old Privacy Policy and with the links to consent or unsub dead. FML.

infinite_jest · 2018-05-15T22:36:26.725Z

Dear GDPR friends, I’ve just been tasked with finding out if the GDPR can apply to foreign (e.g. non- EU) government entities. I’m obviously going to try some standard legal research, but wondering if any of you fine minds have seen anything along those lines?

hip_young_gunslinger · 2018-05-15T22:37:48.922Z

How do you mean, “can apply to”? Any entity keeping data on users within the EU will be expected to comply iirc.

infinite_jest · 2018-05-15T23:48:46.274Z

I think the theory is that the government of state A isn’t bound by the laws of state B (with state B being the EU in this situation).

See this from the Aussies.

But yeah, everything I’ve seen agrees with what you said…

1101010 · 2018-05-16T00:23:22.466Z

We were discussing implications the other day. We supply software to companies who then store personal data. In order to investigate specific issues we often have to go onto their machines and view the system since so many issues are data dependent. But having done the in-house training the other day (which was still pretty WTAF at times) it feels like that means ever customer of that company has to explicitly say it’s okay for us to see their personal details.

I believe the latest version of our software does as much as it can to allow our customers to obey GDPR but part of the issue is that while we can easily hide personal details onscreen at an individual level, encrypting data on the database itself requires a lot more coding so I’m not really sure what is happening around that. Moreover it takes AGES to upgrade software so in the meantime it feels like there are going to be a lot of laws broken

Hopefully I’m just worrying overly about this.

infinite_jest · 2018-05-16T01:41:02.550Z

On further research, as far as I can tell the Aussies are off-base and it clearly applies to public sector organisations. Thanks for replying

1101010 · 2018-05-16T03:00:12.968Z

That Australian page doesn’t seem to say anything concrete, it just says you have to consider things but the key point is

Foreign states are generally entitled to be granted immunity from the jurisdiction of the courts of another state. Exceptions depend on the laws of the particular jurisdiction, and may include commercial transactions of a foreign state.

Basically it’s about commercial stuff but the point stands that you can’t take other governments to court for this sort of thing so there is always going to be a hole in this sort of process.

CHAIRMAN_LMAO · 2018-05-16T12:22:17.360Z

Just did my GDPR online training at work which I’d been putting off for ages as it says it took 34 minutes. And I’m, like, well busy posting on here and stuff. Realised you could skip through all the videos, then answer the questions at the end which are all very obvious. 17/20

colinzealuk · 2018-05-16T13:35:25.437Z

1101010:

encrypting data on the database itself requires a lot more coding so I’m not really sure what is happening around that.

Don’t pretty much all major databases have inbuilt features to allow encryption for data at rest these days, or is that just the Enterprise level ones? (i.e. not much good if you use something like MySQL or Posgress)

1101010 · 2018-05-16T13:36:18.350Z

Yes but I mean then your code needs to be able to run decryption at all points it reads the data.

colinzealuk · 2018-05-16T13:37:24.160Z

The database driver deals with it for you though - it’s completely transparent as a developer.

hip_young_gunslinger · 2018-05-16T13:50:20.683Z

My company’s legal team have decided we don’t need to regain consent from our current mailing list so the plan is to carry on as before…

1101010 · 2018-05-16T13:51:45.791Z

Oh right, well maybe they’ve done just that then. I haven’t seen it working so I’m unsure what’s available. The fact is that no one will have it in place for at least a month though.

colinzealuk · 2018-05-16T13:55:07.452Z

If you were doing things sensibly beforehand then you don’t need to. A LOT of companies would just stick everyone on all their mailing lists at the slightest sight of your existence, or auto tick the consent etc though.

“If you don’t not want us to never contact you by text mesage but sometimes not always contact you by phone, please untick this box.”

hip_young_gunslinger · 2018-05-16T14:10:35.768Z

Yeah, I get that. I’m pretty sure the mailing list had a pre-ticked box though… ¯\ (ツ) /¯

LilWoodyToodelly · 2018-05-16T14:16:16.694Z

The opt in emails are my favourite thing.

LilWoodyToodelly · 2018-05-16T14:17:21.160Z

The weird thing with the last one I got was that I could see everyone else that it had been sent to. Doesn’t seem to be in the spirit of things.

hip_young_gunslinger · 2018-05-16T14:19:45.842Z

A reply-all-pocalypse is just what GDPR needs.