FLYER Club Member
Sun Apr 22, 2018 7:44 am
#1606289
Flintstone wrote:
Which is what Facebook does, but without the vaseline
Which is what Facebook does, but without the vaseline
Which is what Facebook does, but without the vaseline
Sun Apr 22, 2018 1:39 pm
#1606351
GDPR applies to organisations worldwide if they are providing services to, and/or processing the personal data of, EU citizens.
Personal data is anything that can directly or indirectly identify a living person - IP addresses and online identifiers are very much in scope.
There are various ways in which processing can be lawful, but a lawful purpose must be established and, in simple terms, you can’t capture data for one lawful purpose and then suddenly decide to use it in a difference ways.
There are various other things:
- you must keep personal information secure using all reasonable means (taking into to account heya is possible, risk and impact)
- organisations that gather personal data are accountable for the actions of other people/organisations that process it
- people have a right to be informed who has their information (data controllers who come by the information must issue privacy notices and privacy notices must include various specified things)
- the information that’s you capture and process, must be minimised (only collect what is necessary for the defined lawful purpose) and only kept for as long as is needed.
This is just a potted version of some key points.
Personal data is anything that can directly or indirectly identify a living person - IP addresses and online identifiers are very much in scope.
There are various ways in which processing can be lawful, but a lawful purpose must be established and, in simple terms, you can’t capture data for one lawful purpose and then suddenly decide to use it in a difference ways.
There are various other things:
- you must keep personal information secure using all reasonable means (taking into to account heya is possible, risk and impact)
- organisations that gather personal data are accountable for the actions of other people/organisations that process it
- people have a right to be informed who has their information (data controllers who come by the information must issue privacy notices and privacy notices must include various specified things)
- the information that’s you capture and process, must be minimised (only collect what is necessary for the defined lawful purpose) and only kept for as long as is needed.
This is just a potted version of some key points.
Sun Apr 22, 2018 2:44 pm
#1606368
@Leodisflyer thanks for that.
My point was less about GDPR generally (I'm reasonably well versed in that) but the unknown which is how it will be applied post-Brexit.
It's not as simple as saying it will be copied into UK law, as there are significant decisions around how it is 'copy and pasted', such as whether the EU Commission will recognise the UK as a 'third country' that can be trusted with personal data transfers of EU citizens, and will the UK government regard the EU as a 'third country', and again whether or not that will be one trusted with personal data transfers of UK citizens.
From a practical level that will impact what analysis tools I can use as a UK business focused on UK citizens - the easy bits are things like server hosting (I can move my own company servers quite easily) but more complex for many of the specialist data processing tools that this thread was discussing, which are currently hosted in Ireland. That's fine at the moment as I can process customer data in Ireland, but post Brexit I don't know if I will be able to, because I don't know if the UK 'copy and paste' of GDPR will reference that UK personal data must be kept in the UK, or whether it will continue to allow it to be transferred within the EU.
My point was less about GDPR generally (I'm reasonably well versed in that) but the unknown which is how it will be applied post-Brexit.
It's not as simple as saying it will be copied into UK law, as there are significant decisions around how it is 'copy and pasted', such as whether the EU Commission will recognise the UK as a 'third country' that can be trusted with personal data transfers of EU citizens, and will the UK government regard the EU as a 'third country', and again whether or not that will be one trusted with personal data transfers of UK citizens.
From a practical level that will impact what analysis tools I can use as a UK business focused on UK citizens - the easy bits are things like server hosting (I can move my own company servers quite easily) but more complex for many of the specialist data processing tools that this thread was discussing, which are currently hosted in Ireland. That's fine at the moment as I can process customer data in Ireland, but post Brexit I don't know if I will be able to, because I don't know if the UK 'copy and paste' of GDPR will reference that UK personal data must be kept in the UK, or whether it will continue to allow it to be transferred within the EU.
Sun Apr 22, 2018 4:24 pm
#1606382
Cheers @rikur_ I wasn't so much replying to your point as adding general info re GDPR for others.
I agree with your points and would add that there's a lot of uncertainty at the moment as to what is going to happen. The UK has a very successful data processing industry, with significant numbers of high-value jobs around the country, and has benefitted from being able to say that data located in the UK is also in the EU.
HMG, AIUI, have put continued free movement of data in its negotiating position wish list, but that position has to be accepted by the EU, there needs to then be a deal and we need to pass the adequacy test - as you say. Passing the adequacy test, if we don't have it automatically as part of continued EU membership or an exit deal, would need to become a goal of future UK governments.
It's not just the question of how the Henry VIII powers will be implemented, but also the cost to UK businesses of setting up data protection contacts in the EU if we are outside (there's already a startup industry in the EU for organisations worldwide who need to meet their obligations).
If the Facebook news has woken politicians up to anything it should be that commerce these days is not just about physical widgets, but about services and information - especially information as that is involved in every service and widget transaction.
I'm an optimist and believe that this will all be sorted out in the final bill that is presented to the UK and EU parliaments. The Irish border question can't be solved unless we stay in a (the) customs union, membership of a customs union requires acceptance of a court to settle disputes, which then opens the way for us to remain within the EU territorial scope of GDPR, accepting the role of the EU data protection board and, ultimately, the ECJ.
If we end up without a deal then the location and movement of data will be just one of the many problems that we will face (although probably one of the biggest). Just can't see it coming to that unless there is another change of PM.
Suspect that the final deal will have us being treated as part of the EEA (along with Norway etc.), which would allow for movement of data. The data protection bill that is going through Parliament will implement GDPR in advance of Brexit, the final deal bill will adopt all the wider rules into UK law and make provision for defining geography.
I agree with your points and would add that there's a lot of uncertainty at the moment as to what is going to happen. The UK has a very successful data processing industry, with significant numbers of high-value jobs around the country, and has benefitted from being able to say that data located in the UK is also in the EU.
HMG, AIUI, have put continued free movement of data in its negotiating position wish list, but that position has to be accepted by the EU, there needs to then be a deal and we need to pass the adequacy test - as you say. Passing the adequacy test, if we don't have it automatically as part of continued EU membership or an exit deal, would need to become a goal of future UK governments.
It's not just the question of how the Henry VIII powers will be implemented, but also the cost to UK businesses of setting up data protection contacts in the EU if we are outside (there's already a startup industry in the EU for organisations worldwide who need to meet their obligations).
If the Facebook news has woken politicians up to anything it should be that commerce these days is not just about physical widgets, but about services and information - especially information as that is involved in every service and widget transaction.
I'm an optimist and believe that this will all be sorted out in the final bill that is presented to the UK and EU parliaments. The Irish border question can't be solved unless we stay in a (the) customs union, membership of a customs union requires acceptance of a court to settle disputes, which then opens the way for us to remain within the EU territorial scope of GDPR, accepting the role of the EU data protection board and, ultimately, the ECJ.
If we end up without a deal then the location and movement of data will be just one of the many problems that we will face (although probably one of the biggest). Just can't see it coming to that unless there is another change of PM.
Suspect that the final deal will have us being treated as part of the EEA (along with Norway etc.), which would allow for movement of data. The data protection bill that is going through Parliament will implement GDPR in advance of Brexit, the final deal bill will adopt all the wider rules into UK law and make provision for defining geography.
rikur_ liked this
Sun Apr 22, 2018 5:08 pm
#1606390
carlmeek wrote:People love a good conspiracy theory!..
Visitors to JAM for our RAF100 special exhibition have shown great interest in the aviation-related artefacts and documents loaned to us from the museum of a well-known large local employer, known for its expertise in communications security
, which are not usually on public display anywhere. I was giving the spiel about them by their case to a visitor today. He told me in a serious tone that 'he had heard that' people were now using faxes rather then 'phone calls 'because it was more secure'. 
(mere guide at) Jet Age Museum, Gloucestershire Airport
http://www.jetagemuseum.org/
TripAdvisor Excellence Award 2015
http://www.tripadvisor.co.uk/Attraction ... gland.html
http://www.jetagemuseum.org/
TripAdvisor Excellence Award 2015
http://www.tripadvisor.co.uk/Attraction ... gland.html
Sun Apr 22, 2018 5:14 pm
#1606391
kanga wrote:carlmeek wrote:People love a good conspiracy theory!..
Visitors to JAM for our RAF100 special exhibition have shown great interest in the aviation-related artefacts and documents loaned to us from the museum of a well-known large local employer, known for its expertise in communications security
security through obscurity ........ quick search around Fiddler's Green .... "Where did we put that fax interception machine?"
Thanks for moving us on from Brexit discussion
kanga, Leodisflyer liked this
Mon Apr 23, 2018 3:35 pm
#1606568
"We ask you to share this information with your friends and neighbours as we understand that some residents have been badly frightened by these tales, and the more people who understand that they are completely false, the better."
They would say that, wouldn't they?
They would say that, wouldn't they?