Results 1 to 5 of 5

Thread: @SW - This pesky GDPR malarkey.

  1. #1

    @SW - This pesky GDPR malarkey.

    I had a quick butchers, and it looks like it'll be quite the nuisance. Didn't much like the cut of its jib with all the stern obligations for 'data controllers'.

    Any tips? Where can I quickly get an idea of what sort of data we'll be allowed to keep?

  2. #2
    Quote Originally Posted by Ash View Post
    I had a quick butchers, and it looks like it'll be quite the nuisance. Didn't much like the cut of its jib with all the stern obligations for 'data controllers'.

    Any tips? Where can I quickly get an idea of what sort of data we'll be allowed to keep?
    It really boils down to consent from the individual, consent to 1) hold their personal data and 2) consent to us the personal data for purposes which are made clear to the subject and to which he/she further consents.

    To clarify point 2 a person may consent their details to be used for relatively innocent marketing missives but then not for further processes such as profiling which in turn may be used for decision making.

    The thorny issue is legacy data, whereas controls for the above can or must be put in place from 05/18 how does one address the data already in place on databases. We have over half a million such people on a master database and cannot really be expected to contact all in order to clarify such issues.

    This is the obvious one - customer data on marketing or CRM databases, you then need to widen the scope and look at HR records and whether or not there is reason to collate all the data you do, even something such as the use of CCTV is of course governed by basic DP rules.

    Sorry.


  3. #3
    Quote Originally Posted by SWv2 View Post
    It really boils down to consent from the individual, consent to 1) hold their personal data and 2) consent to us the personal data for purposes which are made clear to the subject and to which he/she further consents.

    To clarify point 2 a person may consent their details to be used for relatively innocent marketing missives but then not for further processes such as profiling which in turn may be used for decision making.

    The thorny issue is legacy data, whereas controls for the above can or must be put in place from 05/18 how does one address the data already in place on databases. We have over half a million such people on a master database and cannot really be expected to contact all in order to clarify such issues.

    This is the obvious one - customer data on marketing or CRM databases, you then need to widen the scope and look at HR records and whether or not there is reason to collate all the data you do, even something such as the use of CCTV is of course governed by basic DP rules.

    Sorry.

    This is helpful, thanks. We have about 50,000 people on our db. This might be an excuse to delete about 40,000 of them.

    Then the books auditor will turn up and say "Where is your old customer data?"

    "Oh."

    The more interesting part of the job is to find new ways to use data for useful, entrepreneurial things like profiling for marketing and customer retention and care. If we have to document explicit algorithms and get consent at every step like fumbling students trying to have sex in a highly-controlled university campus it'll be no fun at all.

    I wonder what the likes of yer googles, facebooks and amazons are going to do. This sort of algorithmic profiling is part of their bread and butter, I thought.

    Ten million Euro fine for non-compliance? Or 4% of turnover - whichever is larger? How many businesses and jobs are going to get vapourised if they enforce that?

  4. #4
    Quote Originally Posted by Ash View Post
    This is helpful, thanks. We have about 50,000 people on our db. This might be an excuse to delete about 40,000 of them.

    Then the books auditor will turn up and say "Where is your old customer data?"

    "Oh."

    The more interesting part of the job is to find new ways to use data for useful, entrepreneurial things like profiling for marketing and customer retention and care. If we have to document explicit algorithms and get consent at every step like fumbling students trying to have sex in a highly-controlled university campus it'll be no fun at all.

    I wonder what the likes of yer googles, facebooks and amazons are going to do. This sort of algorithmic profiling is part of their bread and butter, I thought.

    Ten million Euro fine for non-compliance? Or 4% of turnover - whichever is larger? How many businesses and jobs are going to get vapourised if they enforce that?
    Profiling is of course another thorny issue.

    https://ico.org.uk/media/2013894/ico...ion-making.pdf

    I expect your very large organisations such as those you suggest have very well paid legal heads who spend most of their day working out legal interpretations of legislation to allow them to carry out their work. They may also anonymise the data at source which in turn may remove some DP issues as a person cannot (in theory) be identified from anonymous data.

  5. #5
    Quote Originally Posted by SWv2 View Post
    Profiling is of course another thorny issue.

    https://ico.org.uk/media/2013894/ico...ion-making.pdf
    Potentially it's quite all-encompassing.

    • causes, individuals to change their behaviour in a significant way; or
    • has unlikely, unanticipated or unwanted consequences for individuals.


    So you persuaded your customer to come out for a drink chez nous on their birthday, they had one too many and did something off-message, and they decide to blame you for persuading them. And it's down to the lawyers to battle it out.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •