Quote:
Originally Posted by 1andrew1
I'm afraid you have misinterpreted the regulations, Old Boy, and tied yourself up in knots. Legitimate use overrules consent. I suggest you speak to the ICO.
I think you are very complacent about this, Andrew.
The ICO makes it clear that if you collect personal data by consent, you have to tell every person affected for what purposes it will be used (even though it may be obvious) and get their informed consent. They have to be given a copy of your privacy notice as well. On consent, this is one of six 'lawful bases for processing' and by processing, they mean even simply keeping names and addresses. You have to tell people what the lawful basis is for collecting their data, and if you get it wrong, you have to grass on yourself by owning up to the ICO immediately, for which you will be subject to a huge fine.
From the ICO site itself:
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Why the need for all this? Because the EU is a huge bureaucratic organisation that likes to control people by getting them to jump through their hoops. We will be well out of it when we leave, and my hope is that legislation like this (e.g. the Acquired Rights Directive, Working Time Directive, etc.) will be simplified in UK legislation after we leave the EU.
You can achieve what you want to achieve without making legislation so complicated and time-consuming for everyone.