GDPR and Business

Discussion in 'Askaboutbusiness' started by Nemama, 15 May 2018.

  1. Nemama

    Nemama Frequent Poster

    Posts:
    57
    Hi,

    As most likely you all already know, starting on 25 May 2018, the EU General Data Protection Regulation (GDPR) will become effective across all European Union member states. This is the biggest reform in data protection legislation since the Data Protection Act approved back 1995.

    What changes must be performed at business's website in order to meet the new GDPR Requirements?

    Thanks
     
  2. LDFerguson

    LDFerguson Frequent Poster

    Posts:
    4,026
  3. Purple

    Purple Frequent Poster

    Posts:
    8,551
    This is also a good resource.
     
  4. SBarrett

    SBarrett Frequent Poster

    Posts:
    2,732
    If you have contact me forms on your site, the consumer has to consent to their data being transmitted to you. You also have to update your Privacy Policy. My web guy did all of my stuff for my site. Wouldn't have had a clue about half of it and would have spent hours trying to figure it all out. Well worth the money spent.


    Steven
    www.bluewaterfp.ie
     
  5. Purple

    Purple Frequent Poster

    Posts:
    8,551
    If you have CCTV you have to have a policy on what you do with the recordings.
     
  6. Jim2007

    Jim2007 Frequent Poster

    Posts:
    2,003
  7. Purple

    Purple Frequent Poster

    Posts:
    8,551
    Can anyone recommend a training course on GDPR?
     
  8. Nemama

    Nemama Frequent Poster

    Posts:
    57
    I've been told Local Enterprise Office is going to start offering GDPR courses... I would suggest to you to keep an eye on their incoming training courses.
     
  9. Purple

    Purple Frequent Poster

    Posts:
    8,551
    Good old Local Enterprise Boards, offering courses after the fact.
     
  10. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    I don't understand your point? GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.
     
  11. Purple

    Purple Frequent Poster

    Posts:
    8,551
    Yea, but you need to have your ducks in a row now, not in a few months when they start running courses.
     
  12. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    No, you need to have your ducks in a row now and maintain them that way forever.

    I attended a GDPR course last month and the guy giving it said that he anticipates that the vast majority of GDPR compliance work will be after 25 May.
     
  13. Leo

    Leo Moderator

    Posts:
    9,260
    GDPR was enacted in May 2016 with a 2 year transition period allowed, May 25th was the implementation deadline.
     
    Nemama likes this.
  14. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    And???
     
  15. Leo

    Leo Moderator

    Posts:
    9,260
    Just adding to the point that going about introducing training now is closing the stable door after the horse has bolted stuff, and correcting the point from the first post and what seems to be a common misconception that this should be anything new to anyone in a data controller / processor role.
     
  16. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    It's anything but. Responsibility for workplace health and safety compliance didn't suddenly end with the coming into force of the Safety, Health and Welfare at Work Act.
     
  17. Leo

    Leo Moderator

    Posts:
    9,260
    Last edited: 30 May 2018
    It's fine for anyone new into these roles, ongoing training will always be required. But I don't think they could ever be accused of being ahead of the game introducing training more than two years after adoption.

    Not sure I get that point, who's suggesting anyone's responsibility here is ending?
     
    Last edited: 30 May 2018
  18. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    But nobody til now has mentioned anything about being ahead of the game. We were discussing something else entirely.

     
  19. Leo

    Leo Moderator

    Posts:
    9,260
    No, I was responding to the point raised about them introducing training after the May 2018 date. Purple added the point about them doing so after the fact, I was just pointing out GDPR was adopted two years earlier in 2016, so just further emphasising that point.


    I still don't get where that's referring to anyone's responsibility ending.
     
  20. T McGibney

    T McGibney Frequent Poster

    Posts:
    3,555
    Look at the definition of "after the fact" - 'occurring, done, or made after something has happened.'

    It's a nonsense to suggest that GDPR 'has happened' as it involves continuing responsibilities.