GDPR - The first complaints are in!!

[jpaul]

I am after solutions

per software discussion this is a good cookie vaccine, for firefox anyway

Advanced Settings:
- First Party Isolation ON https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/

but many web-sites seem to take the **** making it difficult to disable non essential cookies, have to disable them individually

Spoiler: some of the cookie list

several US sites are blocking UK access (even recognising some vpn servers), to avoid gpdr libaility - chicago tribune

 

[unwashed potato!]

When they share that information with your business it includes people employed by that business that require reasonable access to the information for whatever processing takes place.

figured as such. thanks

 

[Pez]

figured as such. thanks

It should be in your privacy notice and processing policy I.e. well collect x data in order to provide y service. You need to tell customers why your collecting it data and how it will be used.

 

[Randomface74]

but many web-sites seem to take the **** making it difficult to disable non essential cookies, have to disable them individually

Spoiler: some of the cookie list

doesn't matter, if they're isolated they aren't gonna track anything

 

[Raumarik]

sorry to hijack a thread but figured i'd ask in here rather than start a new one. does anyone know what the rules are about sharing customer information internally with staff? I assume this would be ok, for instance a customer books with us, the information is given to staff including address, name, email, a mobile number, as these are needed for the work to take place. Would i need consent from the customer to do this as it's within our business and not shared with anyone else.

Depends what the customer consents to at the point of ordering the service/parts. As long as you've stated that you'll use their data in the process of carrying out what they have asked for and won't share it externally you are fine.

If you at any point pass it onto a third party, you need to inform people of that when asking for data. Internally is fine.

 

[unwashed potato!]

Depends what the customer consents to at the point of ordering the service/parts. As long as you've stated that you'll use their data in the process of carrying out what they have asked for and won't share it externally you are fine.

If you at any point pass it onto a third party, you need to inform people of that when asking for data. Internally is fine.

What about to Google calendar?? Does that class as externally? Or to an android phone by text? Or by WhatsApp as we may message some details.

 

[jpaul]

won't you need to be signed up for G-suite to avoid google gdpr issues ?
https://www.cloudsolutions.co.uk/blog/gdpr-and-g-suite/

 

[omnomnom]

Whatsapp wasnt free when i had it, i paid a fee for the app so the whole "free" argument isnt always the case there.

 

[Raumarik]

What about to Google calendar?? Does that class as externally? Or to an android phone by text? Or by WhatsApp as we may message some details.

it's typically who you are sharing it with that matters. the method of sharing would be done under appropriate technical and security controls. so if a breach did occur the ICO would be looking at whether you did what you could to secure the data.

we have data processing agreements in place for third parties who handle our data but that's likely not practical for smaller companies, so check T&C's and make sure your happy with them. SMS will likely be ok but I'd personally document how you have secured the phones and have a 1 page doc specifying what is sent etc make sure staff read it and sign so if they send a text to some random number you can point to that policy if the ICO show up.

it's all about training, documents, awareness and letting people know what you do with their data but you don't need to go into lots of detail over processes eg use of SMS,gcloud etc