GDPR / DPA2018 and Your Data Rights

[bickster]

1 hour ago, Xela said:

Saw GDPR title thread and knew Bicks would be all over it like a hungry dog eating sausages.

Wasn't disappointed. 

You know you're gonna start him off mentioning sausages

[Rds1983]

Interesting timing with this thread for me. I've just done a sideways move at the Bank from auditing supplier's GDPR controls and compliance (among many other things) to being a full time data privacy manager. 

[Rds1983]

Following the ICO virtual conference yesterday they've published some guidance I'm sure some of you might find interesting:

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace

"

If an organisation is looking to monitor workers, it must take steps including: 

• Making workers aware of the nature, extent and reasons for monitoring.
• Having a clearly defined purpose and using the least intrusive means to achieve it.
• Having a lawful basis for processing workers data – such as consent or legal obligation.
• Telling workers about any monitoring in a way that is easy to understand.
• Only keeping the information which is relevant to its purpose.
• Carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to the rights of workers.
• Making the personal information collected through monitoring available to workers if they make a Subject Access Request (SAR)."

[bickster]

1 hour ago, Rds1983 said:

Following the ICO virtual conference yesterday they've published some guidance I'm sure some of you might find interesting:

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace

"

If an organisation is looking to monitor workers, it must take steps including: 

• Making workers aware of the nature, extent and reasons for monitoring.
• Having a clearly defined purpose and using the least intrusive means to achieve it.
• Having a lawful basis for processing workers data – such as consent or legal obligation.
• Telling workers about any monitoring in a way that is easy to understand.
• Only keeping the information which is relevant to its purpose.
• Carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to the rights of workers.
• Making the personal information collected through monitoring available to workers if they make a Subject Access Request (SAR)."

There seems to be absolutely nothing new in there. It all seems exactly as you’d think it was. Thanks for sharing though.

[Rds1983]

52 minutes ago, bickster said:

There seems to be absolutely nothing new in there. It all seems exactly as you’d think it was. Thanks for sharing though.

I think it's more reiterating their stance and clarifying it again.

There's a definite increase in firms wanting to do stuff like this so their keen to make sure firms don't cross the line as a lot of non DP people won't even consider the risks.

[Rds1983]

I'm curious how many People on the site have read the updated DPN or if I'm the only one?

[bickster]

13 minutes ago, Rds1983 said:

I'm curious how many People on the site have read the updated DPN or if I'm the only one?

Did you compare it to the last one and identify the changes?  

I did skip read it last night as I was in need of a solution to get me to sleep

[limpid]

35 minutes ago, Rds1983 said:

I'm curious how many People on the site have read the updated DPN or if I'm the only one?

It's a privacy policy. \What does DPN stand for?

[Rds1983]

36 minutes ago, bickster said:

Did you compare it to the last one and identify the changes?  

I did skip read it last night as I was in need of a solution to get me to sleep

Of course and I can see the change about Google analytics. 

Spoiler

Not really. Limpid kindly told me in a DM as I'd asked him a question on it. I'm ashamed to say I hadn't read it before. Didn't know about Data Privacy when I joined the site and hadn't really considered it for here since.

 

[bickster]

21 minutes ago, limpid said:

It's a privacy policy. \What does DPN stand for?

Decentralised Private networks in my book

It's another of those terms that has crept into some peoples usage erroneously, see also DSAR when it's SAR

[Rds1983]

Just now, bickster said:

Decentralised Private networks in my book

Data Privacy/Protection Notice. More formal way of saying the Privacy Policy and what they're called at work so is force of habit for me. It's also quicker to type.

[bickster]

1 minute ago, Rds1983 said:

Data Privacy/Protection Notice. More formal way of saying the Privacy Policy and what they're called at work so is force of habit for me. It's also quicker to type.

Yes but the point is that DPN actually already stands for something else

[rjw63]

On 30/09/2023 at 07:42, Rds1983 said:

Interesting timing with this thread for me. I've just done a sideways move at the Bank from auditing supplier's GDPR controls and compliance (among many other things) to being a full time data privacy manager. 

So that's why you're on VillaTalk all day.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[Rds1983]

23 minutes ago, bickster said:

Yes but the point is that DPN actually already stands for something else

Every three letter acronym has a multitude of meanings depending on the context. They're often potentially linked to which causes headaches. 

[Rds1983]

https://iapp.org/news/a/uk-gdpr-reforms-move-forward-in-uk-parliament/

"On 29 Nov., the proposed U.K. Data Protection and Digital Information Bill moved a step closer to passage.

The U.K. House of Commons voted to avoid recommitting the bill following the recent introduction of U.K. government-backed amendments, instead moving the proposal to the report stage of consideration. If the recommittal vote succeeded, the bill and its proposed changes would've moved back to the committee debate.

The bill, originally published 8 March — the first day of IAPP's Data Protection Intensive in London — seeks to make various reforms to the U.K. General Data Protection Regulation and Data Protection Act 2018."

Some good, some bad, but feel it'll just be rewritten by Labour when they get in anyway.

[bickster]

1 hour ago, Rds1983 said:

Some good, some bad, but feel it'll just be rewritten by Labour when they get in anyway.

Or more likely completely forgotten about

[DCJonah]

So John Lewis have shared my mom's personal information with a complete stranger who lives on the same road. 

Fortunately this person came round to let her know, that after replacing a television, she was sent an order form with my mom's name, address, email address and phone number. 

She's sent two emails and John Lewis haven't responded. 

Any advice on the best way to deal with it?

 

[bickster]

7 minutes ago, DCJonah said:

So John Lewis have shared my mom's personal information with a complete stranger who lives on the same road. 

Fortunately this person came round to let her know, that after replacing a television, she was sent an order form with my mom's name, address, email address and phone number. 

She's sent two emails and John Lewis haven't responded. 

Any advice on the best way to deal with it?

 

When did she contact them and who did she contact?

What is your ultimate aim with carrying out these actions?

As data breaches go its particularly minor

[DCJonah]

8 minutes ago, bickster said:

When did she contact them and who did she contact?

What is your ultimate aim with carrying out these actions?

As data breaches go its particularly minor

Think she contacted the local store that sent them out. 

She's just annoyed about it and want's to ensure it hasn't been given out to anyone else. 

I suggested she contact head office and have a moan to them but didn't know if there was a better way to go about it. 

[Davkaus]

I agree it's fairly minor, but it'd piss me off enough to raise it formally, and the right way to do that is sending the details to DPO@johnlewis.co.uk rather than messing around with staff in store, who probably had nothing to do with it