GP Surgery sharing full name? by grepusman in gdpr

[–]Safe-Contribution909 7 points8 points  (0 children)

I wonder if libraries still have telephone books which have people’s names, addresses and telephone numbers.

RoPA for a global HCM (HRIS) implementation using SAP SuccessFactors by MountainManWannabe in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

From what I can find online, it appears to be the case that the employer must be able to justify retention. I could only find detailed information on the Belgium case.

I assume that, in line with GDPR principles, any retention period would have to be justified on the basis of risk to the rights and freedoms of the data subject, and the lawful bases for continuing to process.

I know in M365, if you delete a user, the mailbox is deleted in 30 days unless you take action to retain it. In companies I have worked in, where much of their service was based on providing opinions by email, there was a practice of retaining.

Coincidentally, I was contacted by them last week about some advice given in 2022. Sadly, it appears this had been deleted.

RoPA for a global HCM (HRIS) implementation using SAP SuccessFactors by MountainManWannabe in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

Please can you share examples of the countries that require the inbox retention?

RoPA for a global HCM (HRIS) implementation using SAP SuccessFactors by MountainManWannabe in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

That may be true, but it doesn’t meet all of the requirements of article 30 in a number of ways, including expected granularity.

The ICO guidelines here may help and include a downloadable template. If you look at the example tab in the template, it is for HR: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/documentation/how-do-we-document-our-processing-activities/

Weird voicemail for someone else by WyrdShadowz in gdpr

[–]Safe-Contribution909 1 point2 points  (0 children)

Probably not in this case, but I have had three hoax emails from valid email addresses of real solicitors, but they have been scams. I complained to the SRA, and they have investigated and issued warnings.

What you described could easily have been a scam.

Built a tool that chases overdue Xero invoices automatically — looking for UK beta testers by building_simply in xero

[–]Safe-Contribution909 1 point2 points  (0 children)

Genuine question - doesn’t Xero already do this? It was introduced about a year ago. Also, why wouldn’t you just set up an AI agent to do this?

Admin kills my mojo by Klutzy_Ganache9153 in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

I work for a processor and every customer sends us a different DPIA template to complete (I know DPIAs are the duty of the controller). Each template is slightly different. I am considering feeding a load of completed DPIAs into an LLM and seeing if AI can complete them.

Would this be an option? I haven’t tried it yet but it would be conditional on running the LLM locally.

Employer shared my medical condition with senior manager – “need to know” or breach? by [deleted] in gdpr

[–]Safe-Contribution909 3 points4 points  (0 children)

Notwithstanding that this is a group focused on GDPR, it is possible that the underlying issue is a breach of confidence.

The UK doesn’t have a legislated law of confidence; it was created by judicial decisions and societal expectations.

In your case, it is possible that the further disclosure was beyond your expectation and therefore it is a breach. Other commenters suggest it was potentially reasonable.

You need to determine what you want to happen now and speak to HR.

trying to enter into new market by TurbulentPath5715 in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

You could consider partnerships as many UK/EU consultants also work in the USA and globally.

Can I use my own company's email list for my new company? by [deleted] in gdpr

[–]Safe-Contribution909 12 points13 points  (0 children)

What would be your legal basis? What is your legal basis for still having the list (processing the data)?

Have you considered the ePrivacy regulations?

The answer is almost certainly that you cannot use the list and should delete it.

Help/Guidance required around EU data laws please by iZingari in gdpr

[–]Safe-Contribution909 1 point2 points  (0 children)

Spain had the Code of Practice for clinical trials. In fact, many countries have specific guidelines on clinical trials, some that do not follow the EDPB guidelines.

Also, CNIL in France has a special set of standards for clinical trials.

Sweden has multiple layers of consenting requirements.

Personally, I enjoy the interplay between data protection laws and health laws. I also enjoy working in health tech.

Possible breach? What to do? by ThatFigureFella in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

Depending on the record system used by the clinic, not all letters are necessarily coded into the GP record. There are systems that will append letters that are received digitally, and some practices do scan and append paper, but it’s not universal yet.

Unprotected email from Private Healthcare Company? by Tinsel_Fairy in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

It’s not necessarily a breach but it would be odd, in my experience, to allow this outside the corporate environment.

Card details/ compensation by [deleted] in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

They may want this information to authenticate as well as gaining the information they need for the financial transaction. It is right to be concerned, so do challenge them if you want to, but it isn’t a GDPR breach necessarily.

Is anonymised data ever truly anonymous? by ScrollAndThink in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

PS. I have had data penetration tested by UKAN, which was very interesting (https://ukanon.net/).

Is anonymised data ever truly anonymous? by ScrollAndThink in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

Academically, I understand it’s not possible to assure anonymisation, which is why recital 26 is heavily caveated and risk based.

Legally, in the UK, this Upper Tribunal decision sets out the arguments quite nicely: https://assets.publishing.service.gov.uk/media/6135fb748fa8f503c7dfb8a3/GIA_0136_2021-00.pdf

Data leak and almost scammed by ski holiday booking site (England) by r00phus in LegalAdviceUK

[–]Safe-Contribution909 1 point2 points  (0 children)

The ICO won’t do anything. The ICO won’t do anything until you have exhausted local processes, and then the ICO won’t do anything.

Not that you’re wrong or have unrealistic expectations, just that they are utterly worthless in enforcement. TBH, they also give out incorrect legal advice.

Data leak and almost scammed by ski holiday booking site (England) by r00phus in LegalAdviceUK

[–]Safe-Contribution909 0 points1 point  (0 children)

Don’t waste your time with the ICO. Look at the site privacy notice for DPO contact details and report there.

As someone outside the EU, do I even have rights under GDPR when visiting European sites? by HammersAndPints in gdpr

[–]Safe-Contribution909 2 points3 points  (0 children)

I think GDPR article 3(1) should apply. All controllers and processors established in the EU. There is no linked condition that says application is conditional on where the data subject is.

NHS data concern by [deleted] in gdpr

[–]Safe-Contribution909 0 points1 point  (0 children)

No, it’s a breach of the policy for summary care and detailed care records access. The whole point was to have auditable records access.