GDPR Compliance

Mr Sprue · May 28, 2018, 08:55:11 PM

Quote from: MJKERR on May 28, 2018, 08:50:42 PM
Quote from: Mr Sprue on May 28, 2018, 07:49:03 PM
I have had a barrage of bloody emails warning of GDPR and that I must act or have my details deleted from various databases

a few contain a link for me to select to acknowledge and give permissions on my personal data.

As for the rest I fear a lot of information I receive in my mailbox is going to cease purely because a simple link saying "Click here to agree" or what ever wasn't there for me

Sadly I have now found some organisations are getting round this by moving their server from the EU to USA (for example)
Equally, some organisations have revised their website specifically for EU content, by removing any and all tracking scripts

So in a nutshell all a complete waste of time! That's polotricks for you.

broadsword · May 28, 2018, 09:12:21 PM

I agree to the GPDR as listed, however didn't receive any message,
perhaps because I no longer use the email provider I had when I joined
the NGF.

Steve Brassett · May 28, 2018, 09:20:46 PM

Quote from: MJKERR on May 28, 2018, 08:50:42 PM

Sadly I have now found some organisations are getting round this by moving their server from the EU to USA (for example)
Equally, some organisations have revised their website specifically for EU content, by removing any and all tracking scripts

This shouldn't matter, as GDPR covers EU Citizens, no matter where the servers. In fact, some US companies have temporarily stopped dealing with EU citizens until they can get their act together.

daffy · May 28, 2018, 09:23:11 PM

I happily agree with the NGF GDPR. Guess I must have already done it!

I've had so many GDPR emails and even stuff in the post that I no longer know who I agreed what to and when.

Quote from: Mr Sprue on May 28, 2018, 07:49:03 PM

P.S So what happens when the UK leaves the EU then?

Now there's a multi-billion dollar question.

Lankyman · May 28, 2018, 09:35:26 PM

I am confused, and it's not just my age. Like everyone else I have been bombrded with e-mails about GDPR. Many required me to follow a link to sign up that I agree with the new policy but others just invite me to check out changes to that organisations policy. But what do I have to dohere? Mr Sprue asked this question earlier in the thread but nobody has responded.

Several people have simply posted on this thread that they are happy with the Forum's privacy policy. Are we all expected to do that? Do the Mods have a responsibility to check that every member responds? But what is the policy and where is it? I know where the Forum Rules and Code of Conduct are and I do my best to comply but that was last updated in 2014 so there's been no change there as a result of the new legislation.

Maybe I am missing something but I haven't had a personal e-mail either privately or as a message on this Forum so I see nothing to sign up to. However, to be on the safe side because I am desperate not to be thrown out of this wonderful Forum I will say publicly that am happy to the new GDPR policy.

Ron

njee20 · May 28, 2018, 09:58:05 PM

Various things which were fine previously are no longer acceptable under GDPR - for example a pre-selected check box opting you into a newsletter. As such many people have required you to now actively consent, having previously not actually gained your consent.

Others have simply updated privacy policies to tell you how they're using your data, include a right to be forgotten as such. Basically everyone you have an account with should have contacted you in some shape or form, although action will not have been required on many.

I've seen several people saying about moving servers to the US to avoid the problem, but as said it's nothing whatsoever to do with the physical location of servers, rather the location of the people whose data they're holding. Quite intrigued to see which company gets the first monster fine for a breach or non-compliance!

Lankyman · May 28, 2018, 10:13:41 PM

Thank you Only Me for your explanation. Not only was I confused it nows seems that I am suffering from loss of memory. I know this could be just an age thing but it could also be more something more serious. Having read the policy through the link you posted I can vaguely remeber reading that on some previous occasion so I must have signed up then.

Thank you for your kind patience with this old man. You and Tank really do a good job running this Forum and it is must seem a thankless task sometimes having to deal with old duffers like me but your efforts really are appreciated.

Ron

MJKERR · May 29, 2018, 05:56:30 AM

Quote from: Lankyman on May 28, 2018, 09:35:26 PM
I am confused, and it's not just my age. Like everyone else I have been bombrded with e-mails about GDPR. Many required me to follow a link to sign up that I agree with the new policy but others just invite me to check out changes to that organisations policy. But what do I have to dohere? Mr Sprue asked this question earlier in the thread but nobody has responded.

Quote from: MJKERR on May 28, 2018, 08:50:42 PM
if you want to remain subscribed and there is a link use it

As above, it is all about how the organisation has interpreted what they are required to do and their interaction with any person within the EU
Some are requesting your consent, hence a link within an eMail
Some organisations do not like using these links within eMail so have provided a statement
Some organisations have updated their website or in extreme cases created additional websites
I have found at least three organisations who have moved their websites from servers in Europe to the USA, along with a small update to their privacy policy
Some organisations do not need to do anything, or only just update their privacy policy
Finally, some organisations have still not done anything!

MJKERR · May 29, 2018, 06:11:12 AM

Quote from: njee20 on May 28, 2018, 09:58:05 PM
I've seen several people saying about moving servers to the US to avoid the problem, but as said it's nothing whatsoever to do with the physical location of servers, rather the location of the people whose data they're holding. Quite intrigued to see which company gets the first monster fine for a breach or non-compliance!

This is the issue, the ICO can really only pursue a commercial company (and they even admitted this a few weeks ago)
One of the organisations I am aware of that has simply moved their online content from Europe to the USA to avoid this issue is not a commercial company, but does make revenue from visitors to their websites in Europe

https://ico.org.uk/action-weve-taken/enforcement/?facet_type=Enforcement+notices
It takes about four months for full details to be published, so wait until about September to find out...

daffy · May 29, 2018, 07:12:37 AM

Thanks for the detail and that link, MJKerr.

It is interesting to use the left hand tick boxes on the ICO page to show what Prosecutions and Monetary Penalties have been meted out in the past year. In a year from now I wonder how much that picture will have changed due to GDPR?

And I fully endorse what has been said by @Lankyman .

Bramshot · May 29, 2018, 09:07:59 AM

Being thick this morning, where do I go to sign up? Don't think I have seen anything,unless it got lost amongst all the others in my brain.