Thread: Government & Post Election Discussion
View Single Post
Old 23-03-2018, 21:17   #1225
1andrew1
cf.mega poster
 
Join Date: Dec 2013
Posts: 14,229
1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze
1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze1andrew1 is cast in bronze
Re: Government & Post Election Discussion
Quote:
Originally Posted by OLD BOY View Post
I am not saying that data shouldn't be protected, Andrew, I am saying that the legislation should set out how organisations deal with personal data.

For example, rather than have every organisation having to state that they will only use personal data for the purposes for which it was collected, the legislation itself should say something like:

'Where an organisation collects personal data by consent, it shall not use such data for any purpose that has not been agreed by the subject.'

It really is that simple, and it is a good example of how the EU seems to prefer always to tie everyone up in red tape.

Contrary to what you say, it certainly is a burden for small businesses, particularly when you remember that if you select the wrong category for describing the data usage, you cannot subsequently put it into a more appropriate category as you will be deemed to have breached the regulation. So you have to report yourself immediately you realise and face a huge fine!

This regulation is oppressive and should never have been enacted in its present form.
You need to speak to the Information Commissioner's Office Old Boy. You've either been mislead or you don't understand its approach. It's taking a carrot approach so don't expect fines, it will take places like yours a bit of time before they understand what's required so you won't be taken to the cleaners just yet.
The legislation is all about giving power to the people and encouraging companies to handle data in the way that they would want their own personal data handled.
I can't see an issue with companies having a privacy statement that confirms data will only be used for the purpose for which consent was given. legal good practice wording is to state a positive, not a negative so your wording fails that basic test.
Remember, a company's legitimate interest in processing data overrule's an individual's consent.
What precise circumstances do you mean? Can you provide an example?
But GDPR probably requires a separate thread itself as I'm seeing lots of intelligent people like you bamboozled and led to the nearest cashpoint by consultants and lawyers.
Last edited by 1andrew1; 23-03-2018 at 21:20.
1andrew1 is offline