Originally Posted by Ash:
I had a quick butchers, and it looks like it'll be quite the nuisance. Didn't much like the cut of its jib with all the stern obligations for 'data controllers'.

Any tips? Where can I quickly get an idea of what sort of data we'll be allowed to keep?

It really boils down to consent from the individual: consent to 1) hold their personal data and 2) use the personal data for purposes which are made clear to the subject and to which he/she further consents.

To clarify point 2, a person may consent to their details being used for relatively innocent marketing missives but not for further processes such as profiling, which in turn may be used for decision making.

The thorny issue is legacy data: whereas controls for the above can or must be put in place from 05/18, how does one address the data already in place on databases? We have over half a million such people on a master database and cannot really be expected to contact all in order to clarify such issues.

This is the obvious one - customer data on marketing or CRM databases. You then need to widen the scope and look at HR records and whether or not there is reason to collate all the data you do; even something such as the use of CCTV is of course governed by basic DP rules.
