Nine months and a lot more b*llocks to go before new EU data protection rules kick in

Silver badge
Pirate

Yep it's basically a torrent of companies trying to punt half-baked 'compliance' tools and services. But ask them the simplest of questions and they really have no idea WTF they are trying to sell or what the legislation is all about.

I've livened up many a dull afternoon messing with these guys on the phone. Cruel but necessary. Rule #1 if you want to sell me something you'd better know more about the subject/product than I do.

21
0
Silver badge

In all fairness

"The Information Commissioner’s Office guidance says that the best way for organisations to tell if it is a legitimate interest is to ask if what they intend to do “is fair”. "

That's the sort of woolly thinking that causes arguments and problems. Why couldn't they have predicted this kind of confusion before they started and then been ready for it in a sensible manner?

12
3
Anonymous Coward

Re: In all fairness

There isn't that much confusion. GDPR is on the order of 95% the same as the DPD - you can enumerate the key changes in 4 or 5 bullet points. The law isn't going to radically change. The penalties for breaking the law are. Organisations that are confused are organisations that have spent the last 20 years happily ignoring their responsibilities to their customers under the law.

12
1
Silver badge

Re: In all fairness

tell if it is a legitimate interest is to ask if what they intend to do “is fair”.

And how do you know it's fair? Just ask if it's a legitimate interest!

3
0
Silver badge

Re: In all fairness

"That's the sort of woolly thinking that causes arguments and problems."

Quite. Just what company is going to admit to itself that what it's doing might not be fair.

2
0
Silver badge

"She also noted that the ICO had yet to “invoke our maximum powers” - a £500,000 fine."

That's not something to boast about. Perhaps if the ICO did fine more companies the maximum amount they might be a little more careful with their customers' personal information.

14
0

I had to ask my MP to get clarification about consent from the ICO for the DPA, and she was informed that on some occasions, consent can be obtained contractually. This is where the confusion stems. If a data controller can obtain our consent to do ANYTHING they want with our information when we agree to their terms, then what's the point? The Commissioner has to MAKE IT ABSOLUTELY CLEAR that consent MUST be obtained fairly and cannot be obtained contractually or from a privacy policy.

Data controllers need to stop sending us direct marketing unless we specifically request it. Mailing list operators will have to call it a day and the companies that buy mailing lists should be prosecuted.

8
0
Silver badge

"Data controllers need to stop sending us direct marketing unless we specifically request it."

And where that request has been denied, absolutely must honour that denial, not disregard it and send marketing crap anyway (I recently lodged a complaint with the ICO about HSBC for doing exactly that).

5
0
K
Silver badge
Megaphone

had yet to “invoke our maximum powers”

Don't shout this too loud... This is acting as a great catalyst to get needed investment for security infrastructure.

1
1
Silver badge
Windows

Sitting pretty here!

MSFT have assured me that storing corporate data on OneDrive for Business means GDPR compliance so we're sorted. Simples!

1
1
Anonymous Coward

Re: Sitting pretty here!

They forgot to mention the last bit - It's GDPR compliant for them!

I honestly hope you're joking about that.. If not, then you've just been spoon-fed the biggest load of BS.. GDPR is not about where you store the data - it's about how the data is stored, why it's stored, how it is used and who has access to it. If you incorrectly configure a permission on OneDrive, then I hope you have a couple of gallons of lube, as the company will get a royal shafting.

If you think you can palm off responsibility for storage onto M$, then think again, as GDPR explicitly states primary responsibility rests with the party who stored the data, not the service providers they were using (though there is some shared responsibility here).

Don't worry, you're not the only one, at least 90% of the FTSE 100 believe they can offload reputation damage and responsibility by outsourcing!!

2
1
Silver badge

Company after company is pushing "self-assessment" kits to prove how under-prepared organisations are, while others are selling various widgets, gizmos and services that claim to help them comply.

Given that so many companies have shown themselves to be unprepared to deal with what's already law and has been for a few decades now I'd have thought that anything which spurs them into activity should be considered a Good Thing.

1
1
Silver badge

Unfortunately there are a huge number of organisations that will be defrauded with incorrect "advice" and bunk reasons for "further training" or "consultancy". Largely due to scare stories pushed by the media and those that benefit, as in those that sell this "training" and "consultancy".

0
0
Silver badge
Trollface

Monetise the FUD

It's never going to be as rewarding as the Y2K boondoggle!

1
1
Anonymous Coward

Re: Monetise the FUD

Have to agree, when I was at Uni (1999) my neighbor was a Cobol programmer and contracting for one of the big banks.. He'd do an hour's work each day and then head home, and he was clearing £1000-£1500 per day.

Saying that, I netted a nice £20k pay-rise by switching roles about 4 months ago.. moving from "infrastructure" to "security", so I dropped all user-fud, and now get to play with the cool security toys, deploy them and pass them on.. rinse and repeat, but no day is ever the same :)

1
0


The Register - Independent news and views for the tech community. Part of Situation Publishing