"sensitive" documents found in street, GDPR?

[Skillmister]

It could happen to anyone!

That sort of thing (well not quite) is what the regs are supposed to stop. At my old place we had a right crack down on papers/files being left out on desks, confidential waste disposal etc etc. Thankfully now I'm paperless my biggest worry is putting the wrong recipient on an email...

 

[Rotty]

Copies of what? Documents that their staff insisted couldn't possibly be theirs?

They now admit they are theirs

 

[Rotty]

Could have blown away in the wind, an accident... Can't class everything with a pointing finger really if the facts aren't known.

apparently they aren't supposed to leave the branch without being destroyed first

 

[Nasher]

Could have blown away in the wind, an accident... Can't class everything with a pointing finger really if the facts aren't known.

You can accidentally leave a USB stick on a train too. You are still required to keep the data safe and are liable if you lose it, in any format.

The fines are ridiculously high now. Up to 2 million per customer or something like that. If you lose a whole database worth of stuff and it wasn't encrypted, your business is ******.

 

[Rotty]

Once you have lodged a disclosure to the ICO they will start their investigation. The data controller will then be given a window in which they must provide the ICO with policies and procedures, evidence of how these have been brought to the attention of employees and included in the day to day running of the business, evidence of staff training and whatever else the ICO see fit to request.

Based on the evidence provided they will either take enforcement action upon the data controller or they will require steps be taken in order to ensure compliance.

.

That's pretty much what the ICO and Data protection officer told me

 

[mrk]

Alright I understand, throw them to the pigs!

 

[hughtrimble]

Alright I understand, throw them to the pigs!

You mean 'throw the pigs to them' given who we're talking about here

 

[mrk]

Don't throw animals


Oh wait.

 

[Deleted member 651465]

Plot twist: Rotty tries to send copies of the data to the ICO and the branch, only for the data to be intercepted by another party!

 

[Rotty]

Plot twist: Rotty tries to send copies of the data to the ICO and the branch, only for the data to be intercepted by another party!

And I get done under GDPR regs

 

[vanpeebles]

Update :|

 

[Gypo]

Dread the day I have to deal with the ICO, luckily so far I've dealt with minor breaches

 

[Rotty]

Update :|

nothing much, ICO asked for more info this morning

 

[Rotty]

Dread the day I have to deal with the ICO, luckily so far I've dealt with minor breaches

they do seem keen to say the least

 

[mjt]

We are 1 year into GDPR this week and you wouldn't believe how many companies are still not compliant, don't have a DPO and haven't registered with the ICO.

Maybe they're hoping Brexit means no more GDPR?

 

[SexyGreyFox]

Before you dob them in make sure you've perfected your newspaper pose which will feature you pointing to the documents with an amazed face.

 

[Jimbeam3678]

Back when I was at infotech expo the ICO were presenting there and they adamant they much prefer carrot and stick approach. So I would imagine they will enforce education on them and then follow up for proof this is happening.

 

[Rotty]

Before you dob them in make sure you've perfected your newspaper pose which will feature you pointing to the documents with an amazed face.

reckon I could do that

 

[Rotty]

Back when I was at infotech expo the ICO were presenting there and they adamant they much prefer carrot and stick approach. So I would imagine they will enforce education on them and then follow up for proof this is happening.

I think so too, get them to put proper process in place while simultaneously puting the fear of god in them

 

[NickK]

In town tonight and found a number of personal tenancy agreements / applications from a lettings agency blowing around the street

these have names/addresses/phone numbers/ rent amounts on them

don't want to be a **** but IMO this is out of order

any idea where to report or what to do?

To your title question - yes. Any leak of personal informal is covered by GDPR.

The company concerned only has a short period of time to inform those affected.