- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 13:36 - 05 Mar 2018 Post subject: New EU GDPR legislation |
|
|
Does anyone have an idea what this involves exactly? Everyone I'm talking to can't seem to make head nor tail of it.
I keep customers' addresses in my accounting program and use a couple of UK based third parties for Cloud email, backup and domain hosting, which I presume will be compliant.
I have customers' names and phone numbers on my phone, so according to this new legislation, it looks like even my phone is liable unless I'm misunderstanding it.
____________________ TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG. |
|
Im-a-Ridah World Chat Champion
Joined: 20 Oct 2006 Karma :
|
Posted: 16:07 - 05 Mar 2018 Post subject: |
|
|
I hope they bring in even more brutal legislation along these lines, more for the likes of Facebook and Google, not really fussed about SMEs.
For a start I'd like every piece of information to be opt in. It's ridiculous they want your name, location, date of birth, gender, email, phone number, to verify both, pictures (as many as possible), and a list of everyone you know or associate with |
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 10:53 - 07 Mar 2018 Post subject: |
|
|
Islander wrote: | mpd72 wrote: | So, just to clarify, anyone who has a customer's phone number on their phone, must have the phone encrypted?
I think this perfectly sums up just how ridiculously vague this EU legislation really is. |
Why wouldn't you encrypt by default anyway? |
So every employee, sole trader etc in the UK, must encrypt their phone if they have a single phone number of a customer in their contacts on the phone? How many workers in the UK do you think this won't apply to?
You think that's going to happen? This is why these rules are not clear enough.
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 11:01 - 07 Mar 2018 Post subject: |
|
|
That's just the vague view of a private company who sell security software. It's not an official "you must do this".
So what data needs protecting? Where does it stop? Having a company name and address in an accounts program for invoicing, is hardly sensitive data, nor is having the company name and phone number in your contacts folder on a phone.
These details are freely advertised on the Internet, yet advice on here is telling me they need protecting, which is clearly bollocks.
This is exactly the point I'm making, nobody really knows what this entails. Many guess or answer so vaguely, that it's open to interpretation.
|
owl World Chat Champion
Joined: 21 Oct 2016 Karma :
|
Posted: 13:55 - 07 Mar 2018 Post subject: |
|
|
mpd72 wrote: |
That's just the vague view of a private company who sell security software. It's not an official "you must do this".
So what data needs protecting? Where does it stop? Having a company name and address in an accounts program for invoicing, is hardly sensitive data, nor is having the company name and phone number in your contacts folder on a phone.
These details are freely advertised on the Internet, yet advice on here is telling me they need protecting, which is clearly bollocks.
This is exactly the point I'm making, nobody really knows what this entails. Many guess or answer so vaguely, that it's open to interpretation. |
Search result was GDPR for dummies; if you want more detail then:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
https://www.eugdpr.org/
If data is already publicly available then there wouldn't be an issue with it being disclosed: a company's phone number and address, fine; a director's private mobile and home address, not so much.
Also this:
Islander wrote: |
Why wouldn't you encrypt by default anyway? |
Also don't you own your own IT company? You should have been looking at this for at least the last 6 months at a minimum, it was announced in 2016
____________________ Observation is the greatest source of wisdom.
Last edited by owl on 14:51 - 07 Mar 2018; edited 1 time in total |
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 19:09 - 07 Mar 2018 Post subject: |
|
|
vice wrote: | Also don't you own your own IT company? You should have been looking at this for at least the last 6 months at a minimum, it was announced in 2016 |
Maybe because the same panic happens every time something like this comes out, then amateur "experts" appear everywhere, making claims which are simply not true. Think WEEE regulations and the recent changes in Pensions regulations - Neither apply to me.
Do we really expect every person in the EU, who has a mobile number for a customer on a phone or mobile device to encrypt it?
I do not hold any customer data, other than company names/addresses and the odd contact name and email for invoicing, but will probably encrypt my laptops just to make it look like I've made an effort. I've asked the UK based cloud host to confirm they will comply on the 3 services I offer. Other than that there's very little I can do.
The point of this thread has been highlighted perfectly though. Nobody really knows what's entailed. All the majority of people who think they're in the know are doing, is passing off links to vague descriptions on websites and making assumptions based upon guesswork. Nobody is really sure what this entails exactly, because it's fairly open to interpretation.
If it's enforced across the EU, I can see half of Eastern Europe falling foul.
|
Jewlio Rides Again LLB World Chat Champion
Joined: 06 Oct 2015 Karma :
|
Posted: 20:42 - 07 Mar 2018 Post subject: |
|
|
I'll be straight on the phone advising them that a coloured fruit IT company are not complying.
____________________ Mpd72: I can categorically say i’m Brighter than that, no matter how I come across on here.
HAHAHA HAHAHA Blew Chilly MyCrowSystems |
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 10:58 - 08 Mar 2018 Post subject: |
|
|
linuxyeti wrote: |
Well, if you don't comply, and you get fined, the current fines for data protection infringements are likely to pale into insignificance .. |
So people keep saying. Do you know exactly what needs doing, or are you joining the ever increasing list of people guessing or redirecting to vague description websites?
So far, I've been told in this thread, that I need to encrypt my PC for having company names and addresses in an accounts program, my phone encrypting because I have company names and phone numbers on it, that Microsoft 365 services will never comply for not being in the EEA, that I need strong passwords (with no quantifying of what "strong" entails) and that my data needs to be "structured", with no idea what that means.
It's all guesswork and hearsay from armchair experts. The regulations are so vague, they're open to interpretation, much of which is causing the vast level of clearly bollocks advice.
It's as clear as mud, nobody can give exact requirements. I wondered if it was just me and the other SMEs in the industry, who have said the same thing, but clearly nobody has an exact idea of what it entails. Everyone I've spoken to is just making an effort in some way or another to look like they've actually upped security.
|
linuxyeti World Chat Champion
Joined: 06 Oct 2006 Karma :
|
Posted: 11:37 - 08 Mar 2018 Post subject: |
|
|
mpd72 wrote: | ....
It's as clear as mud, nobody can give exact requirements. I wondered if it was just me and the other SMEs in the industry, who have said the same thing, but clearly nobody has an exact idea of what it entails. Everyone I've spoken to is just making an effort in some way or another to look like they've actually upped security. |
... It's not just security ..
The Regulation protects natural persons, whatever their nationality or place of residence.
Scope of Personal Data
Personal data is defined as any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Sensitive Personal Data
2 categories of data, genetic and biometric data, join the prior list of sensitive or special personal data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life and sexual orientation.
Pseudonymized Data
Pseudonymized data remains personal data (because it can, by definition, be re-associated with a specific person).
Pseudonymization is viewed as a highly recommended risk-reduction technique.
There are some benefits attached to using pseudonymized data:
pseudonymization is a positive factor when analyzing whether a future data use is compatible with the original use for which the data were gathered;
pseudonymization counts as part of the organizational and technical measures used to safeguard personal data; and
depending on the facts, there may be some relief from data breach notification requirements if the compromised data were pseudonymized and the key that would allow re-identification was not compromised.
Also, aside from protecting this data, an organisation has to have consent from the individual to use/process some, all or none of the personal data. And, this consent must be freely given, specific, informed and unambiguous. Oh, and you can't just have the option in consent to use either
Essentially ANY data that can be used to identify an individual has to be protected, and have consent to be processed.
____________________ Beware what photos you upload, or link to on here, especially if you have family members on them |
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 13:00 - 08 Mar 2018 Post subject: |
|
|
linuxyeti wrote: | ... It's not just security ..
The Regulation protects natural persons, |
As opposed to an unnatural person....?
Yep, clear as mud.
linuxyeti wrote: | Personal data is defined as any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. |
Such as a phone book, or electoral roll then... and all the other things Captain Wifebeater obtains online. I presume Companies House will be taking down all personal data of all company directors too, to stop people like him using the details as an Internet warrior weapon?
linuxyeti wrote: | Essentially ANY data that can be used to identify an individual has to be protected, and have consent to be processed. |
Best of luck enforcing that across the EU.
So name badges are now banned, name tags in school clothing, usernames on Facebook which are the person's name, calling out a name on a tannoy, listing team line ups for a football match online, announcing the name of politicians in online news stories, as is the stalker on here distributing my unique personal details and the name of my ex wife of 2 years, from over 15 years ago, whilst hiding behind his small man syndrome, personal security of anonymity?
|
- Super Spammer
Joined: 22 Oct 2013 Karma :
|
Posted: 13:04 - 08 Mar 2018 Post subject: |
|
|
Islander wrote: |
I'm not an 'armchair expert' by the way, I'm an information security professional and have to have an understanding of relevant legislation. I'm involved in GDPR preparation in the organisation I work for and deal with this on a day to day basis along with information governance colleagues. |
And you told me I had to protect company names and addresses, used for invoicing, in my accounts program, oh and my phone needs encrypting because I have phone numbers of companies in it.
If you're an expert, no wonder nobody has the faintest idea about what this entails. Talk about vague.
You also initially said all cloud data had to be stored in the EEA. I've been told differently by another "expert".
|