GDPR and Business

[Nemama]

Hi,

As most likely you all already know, starting on 25 May 2018, the EU General Data Protection Regulation (GDPR) will become effective across all European Union member states. This is the biggest reform in data protection legislation since the Data Protection Act approved back 1995.

What changes must be performed at business's website in order to meet the new GDPR Requirements?

Thanks

 

[LDFerguson]

Lots of information on this on the web.

 

[Purple]

This is also a good resource.

 

[Steven Barrett]

If you have contact me forms on your site, the consumer has to consent to their data being transmitted to you. You also have to update your Privacy Policy. My web guy did all of my stuff for my site. Wouldn't have had a clue about half of it and would have spent hours trying to figure it all out. Well worth the money spent.


Steven
http://www.bluewaterfp.ie (www.bluewaterfp.ie)

 

[Purple]

If you have CCTV you have to have a policy on what you do with the recordings.

 

[Jim2007]

Future Learn are presenting a course for the University of London:

https://www.futurelearn.com/courses/general-data-protection-regulation

 

[Purple]

Can anyone recommend a training course on GDPR?

 

[Nemama]

I've been told Local Enterprise Office is going to start offering GDPR courses... I would suggest to you to keep an eye on their incoming training courses.

 

[Purple]

Good old Local Enterprise Boards, offering courses after the fact.

 

[T McGibney]

Good old Local Enterprise Boards, offering courses after the fact.

I don't understand your point? GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.

 

[Purple]

I don't understand your point? GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.

Yea, but you need to have your ducks in a row now, not in a few months when they start running courses.

 

[T McGibney]

Yea, but you need to have your ducks in a row now, not in a few months when they start running courses.

No, you need to have your ducks in a row now and maintain them that way forever.

I attended a GDPR course last month and the guy giving it said that he anticipates that the vast majority of GDPR compliance work will be after 25 May.

 

[Leo]

GDPR was enacted in May 2016 with a 2 year transition period allowed, May 25th was the implementation deadline.

 

[T McGibney]

GDPR was enacted in May 2016 with a 2 year transition period allowed, May 25th was the implementation deadline.

And???

 

[Leo]

And???

Just adding to the point that going about introducing training now is closing the stable door after the horse has bolted stuff, and correcting the point from the first post and what seems to be a common misconception that this should be anything new to anyone in a data controller / processor role.

 

[T McGibney]

Just adding to the point that going about introducing training now is closing the stable door after the horse has bolted stuff.

It's anything but. Responsibility for workplace health and safety compliance didn't suddenly end with the coming into force of the Safety, Health and Welfare at Work Act.

 

[Leo]

It's anything but.

It's fine for anyone new into these roles, ongoing training will always be required. But I don't think they could ever be accused of being ahead of the game introducing training more than two years after adoption.

Responsibility for workplace health and safety compliance didn't suddenly end with the coming into force of the Safety, Health and Welfare at Work Act.

Not sure I get that point, who's suggesting anyone's responsibility here is ending?

 

[T McGibney]

But I don't think they could ever be accused of being ahead of the game introducing training more than two years after adoption.

But nobody til now has mentioned anything about being ahead of the game. We were discussing something else entirely.

Not sure I get that point, who's suggesting anyone's responsibility here is ending?

Good old Local Enterprise Boards, offering courses after the fact.

 

[Leo]

But nobody til now has mentioned anything about being ahead of the game. We were discussing something else entirely.

No, I was responding to the point raised about them introducing training after the May 2018 date. Purple added the point about them doing so after the fact, I was just pointing out GDPR was adopted two years earlier in 2016, so just further emphasising that point.

Not sure I get that point, who's suggesting anyone's responsibility here is ending?

Good old Local Enterprise Boards, offering courses after the fact.

I still don't get where that's referring to anyone's responsibility ending.

 

[T McGibney]

I still don't get where that's referring to anyone's responsibility ending.

Look at the definition of "after the fact" - 'occurring, done, or made after something has happened.'

It's a nonsense to suggest that GDPR 'has happened' as it involves continuing responsibilities.