GDPR (niche thread)


We were told we had to do some online training about it. Went onto it and it was just a quiz of 5 questions. Got 4 right and that was it.

In short I haven’t learned anything about GDPR.


It’s finally here guys!!


I’ve been training my whole global Customer Care department on how GDPR will affect us.
Have spent months researching, building and delivering this training. Then with no warning someone somewhere sent an email to our entire customer base titled “*** GDPR TEST ***”, linking to an old Privacy Policy and with the links to consent or unsub dead. FML.


Dear GDPR friends, I’ve just been tasked with finding out if the GDPR can apply to foreign (e.g. non-EU) government entities. I’m obviously going to try some standard legal research, but wondering if any of you fine minds have seen anything along those lines?


How do you mean, “can apply to”? Any entity keeping data on users within the EU will be expected to comply iirc.


Honestly the way so many people talk about this it’s as if we didn’t already have data protection legislation. You can still email people ffs.


I think the theory is that the government of state A isn’t bound by the laws of state B (with state B being the EU in this situation).

See this from the Aussies.

But yeah, everything I’ve seen agrees with what you said…


We were discussing implications the other day. We supply software to companies who then store personal data. In order to investigate specific issues we often have to go onto their machines and view the system since so many issues are data dependent. But having done the in-house training the other day (which was still pretty WTAF at times) it feels like that means every customer of that company has to explicitly say it’s okay for us to see their personal details.

I believe the latest version of our software does as much as it can to allow our customers to obey GDPR but part of the issue is that while we can easily hide personal details onscreen at an individual level, encrypting data on the database itself requires a lot more coding so I’m not really sure what is happening around that. Moreover it takes AGES to upgrade software so in the meantime it feels like there are going to be a lot of laws broken :grimacing:

Hopefully I’m just worrying overly about this.


On further research, as far as I can tell the Aussies are off-base and it clearly applies to public sector organisations. Thanks for replying :slight_smile:


That Australian page doesn’t seem to say anything concrete, it just says you have to consider things but the key point is

Foreign states are generally entitled to be granted immunity from the jurisdiction of the courts of another state. Exceptions depend on the laws of the particular jurisdiction, and may include commercial transactions of a foreign state.

Basically it’s about commercial stuff but the point stands that you can’t take other governments to court for this sort of thing so there is always going to be a hole in this sort of process.


Just did my GDPR online training at work which I’d been putting off for ages as it says it took 34 minutes. And I’m, like, well busy posting on here and stuff. Realised you could skip through all the videos, then answer the questions at the end which are all very obvious. 17/20 :sunglasses:


Don’t pretty much all major databases have inbuilt features to allow encryption for data at rest these days, or is that just the Enterprise level ones? (i.e. not much good if you use something like MySQL or Postgres)


Yes but I mean then your code needs to be able to run decryption at all points it reads the data.


The database driver deals with it for you though - it’s completely transparent as a developer.


you are. but it’s good that you’re overworrying i guess coz it helps get ahead of the game. we’re doing one of those annoying opt in emails out of paranoia but in truth im 99% that we don’t need to…


My company’s legal team have decided we don’t need to regain consent from our current mailing list so the plan is to carry on as before…


i had a while mulling over just sending out a ‘you’re only on this list if you asked us to specifically be added, but here’s an unsubscribe button anyway just in case you’d rather go.’ kinda thing…


Oh right, well maybe they’ve done just that then. I haven’t seen it working so I’m unsure what’s available. The fact is that no one will have it in place for at least a month though.


If you were doing things sensibly beforehand then you don’t need to. A LOT of companies would just stick everyone on all their mailing lists at the slightest sight of your existence, or auto tick the consent etc though.

“If you don’t not want us to never contact you by text message but sometimes not always contact you by phone, please untick this box.”


Yeah, I get that. I’m pretty sure the mailing list had a pre-ticked box though… ¯\_(ツ)_/¯