Easy-X Super Spammer
Joined: 08 Mar 2019
Posted: 12:33 - 27 Jul 2021 Post subject: GDPR Compliance
I'm sure we have some clever computer bods on here and I'm wondering if you could help me wrap my head around GDPR.
I'm writing a POS integration for [unnamed slave drivers] and (as is usual) a long API contract awaits. Embedded in there is a "...we send you PII..." hence the mention of GDPR. Thing is we don't even need any of this personal information, we just want the sale items and the special code for the slave delivery rider.
I could quite easily ignore this personal information at the Cloud side but technically we're still being sent it. Is this enough to not worry about GDPR or am I going to need to write up some compliance spec on how we don't actually process anything?
There's no need for [unnamed slave drivers] to send us this info but technically the target site could do their own fulfilment, not that anyone does. If they did they'd probably have their own website or use Just Eat. Anyhoo, seems like the data centre hobgoblins are all "send them it anyway whether they need it or not!" which I thought GDPR was meant to put a stop to.
____________________
Husqvarna Vitpilen 401, Yamaha XSR700, Honda Rebel, Yamaha DT175, Suzuki SV650 (loan) Fazer 600, Keeway Superlight 125, 50cc turd scooter
Zen Dog World Chat Champion
Joined: 11 Aug 2004
Posted: 15:42 - 27 Jul 2021
It seems like you need the advice of a compliance specialist more than a computer one. I've got some GDPR experience but I'm not an expert (in this...or anything else to be honest).
But it seems to me that your issue comes down to - If you are being sent personal data, but you don't access it or store it, are you still a data processor in the GDPR sense?
If you're not, yay. If you are, well it's time to open the GDPR can of worms. I suspect the answer will be that you are a data processor, but it's definitely worth finding out for sure, because if you're not you're going to save a lot of effort.
This may or may not be helpful - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/how-do-you-determine-whether-you-are-a-controller-or-processor/
____________________
Current - '94 VFR750FR, '00 VFR800FI Previous - '10 Street Triple R, '92 MZ ETZ301, '05 TTR250, NSR125R, KMX125, "Honda" Win (Chinese copy of an old Honda design with a C90 engine)
My bike trip around S.E. Asia 2010/2011
Easy-X Super Spammer
Joined: 08 Mar 2019
Posted: 11:49 - 28 Jul 2021
Thanks, there seems to be loads of info on what to do if you are a controller or processor to the point where it drowns out any meaningful discussion on edge-cases. Maybe this is the intent to keep compliance officers in a job.
Easy-X Super Spammer
Joined: 08 Mar 2019
Posted: 13:56 - 28 Jul 2021
Just had a deep dive into the API specs and regardless of fulfilment type we will apparently be getting First Name, Last Name and an "anonymised" phone number. (I assume this number runs through some sort of proxy dialler that forwards the call on.) Only restaurant fulfilment hands out the punter's address, phew!
Is First Name, Last Name enough to trigger the need for all this GDPR & Data Protection stuff?
<edit> just been informed we don't get the last name, even better! I think I panicked a bit too much, sorry guys.
Islander World Chat Champion
Joined: 05 Aug 2012
Posted: 21:21 - 29 Jul 2021
Easy-X wrote:
Just had a deep dive into the API specs and regardless of fulfilment type we will apparently be getting First Name, Last Name and an "anonymised" phone number. (I assume this number runs through some sort of proxy dialler that forwards the call on.) Only restaurant fulfilment hands out the punter's address, phew!
Is First Name, Last Name enough to trigger the need for all this GDPR & Data Protection stuff?
<edit> just been informed we don't get the last name, even better! I think I panicked a bit too much, sorry guys

The definition is any piece of information that on its own or with one or more additional pieces of information can be used to identify a living individual.
If it were first name + last name then you've got a living individual right there. If it's a first name and the rest anonymised (properly anonymised!) then you're probably alright.
Development really should use entirely dummy data though.