Gdpr data protection, how are you handling it?

[jedisparks]

Hi to all,

Just wondering how others are handling the new gdpr data protection laws?

The firm that look after my website have estimated me costs of around 500 quid to get my website compliant!!!

the personal data I handle are client names, phone numbers, address and email but only for contact purposes. Sometimes these just exist on a note pad. You are meant to obtain recorded opt in consent before taking people's data. If Mrs Jones phones up with a lighting problem how do you do that.

The only time I share data I suppose is when notifying jobs online.

Any thoughts?

Many thanks

 

[Midwest]

Dunno. Would the company providing the data for your notifications need to be compliant?

From all the emails I've received recently, seems most companies are just sending out an email saying ya da ya.

Understand your concern, but don't think a lot of small trade persons will be

 

[jedisparks]

Yeah, I think it is more relevant and designed for larger businesses to stop them mis using people's data.

I can't imagine how many businesses country wide exist and how authorities will police it. Although it is meant to apply to all.

Think I'll just wait and see how it goes and what others do.

Cheers

 

[The Ghost]

This is an EUSSR directive we are not subject to EUSSR stazi apparatchiks wet dreams any more. Out government just hasn't caught up. They need to though, with the law of this country I mean.

 

[Deleted member 26818]

Under the new laws, will we be able to pass on someone’s phone number?

 

[The Ghost]

No not without their explicit consent to that process.

 

[snowhead]

And if they want you to remove their data permanently, then you have to, assuming everyone can remember who they have data with..
Oh then you'll have to remove their request to remove data.
Then you can't contact them to say you've done it.
But if they then contact you asking if you done it, then you'll have to removed that as well.

 

[Deleted member 26818]

And if they want you to remove their data permanently, then you have to, assuming everyone can remember who they have data with..
Oh then you'll have to remove their request to remove data.
Then you can't contact them to say you've done it.
But if they then contact you asking if you done it, then you'll have to removed that as well.

Does this apply only to data held on computer?

 

[Octopus]

I don't do ANY THING with client data except send estimates and invoices to them .............

so I'm ignoring it

 

[Midwest]

So all those concerned about this, are applying to the letter of the law; CDM Regulations 2015, Consumer Rights 2015 and probably not also Building Regs, and every little bit of BS7671, and paying every little bit of tax they should do to HMRC. I'm going back to watch that wedding.

 

[Octopus]

Can I ask HMRC to delete all my data?

 

[Octopus]

I just hope it stops this muppet once and for all .......

James Dewane - Marketing for electricians - https://www.electriciansforums.co.uk/threads/james-dewane-marketing-for-electricians.124680/page-3#post-1339332

 

[The Ghost]

It is mostly common sense in that only do with peoples data what you would hope others would do with yours. There is a divide in sensitive data and personal data. Personal data given to you in order to make contact, bill and issue certs to is taken as consent given to do just that, but not put them on your mailing list or pass to a third party which I think is the bit that concerns us. But again I say we are not part of the EUSSR and we also have the Data Protection Act, so there was no need to re-invent the wheel just another way of wasting billions on setting up a system that will enrich the junta who collect the fines. No mention of rates of reparation for mis-using an individuals information so we are not enriched by this. And I will predict with absolute certainty information will still be used illegally by the very people making the unconstitutional "laws".

 

[Octopus]

Does GDPR apply to PFI call centres?

Does GDPR apply to off shore call centres?

I see this as another waste of time and money

 

[Deleted member 26818]

Where I’m working at (a shopping mall), we get deliveries which have to be booked in.
Security require the name of the company, the type and registration of the vehicle, the name of the driver and the time of the delivery.
My company when making the order will also provide the company making the delivery, with my name and phone number, so the driver can contact me when they are nearby.
The booking in process is handled by another company.
So for every delivery, the company making the delivery, the company dealing with the booking in process, security, the shopping mall and the driver will be provided with my name and phone number.
How would it be possible to have my data removed?

 

[Gavin John Hyde]

I just added a basic pop up on the website, after all its only for a online presence and on the contact form i have a little bit of info explaining what i do with the info. the lawyer talking at a network event i went to said that people would struggle to make claims for mishandling of data if they contact you for a quote or to do a job, as its implied consent. if you of course flog there details that is something different, if in course of the work you say you are going to get the plumber to contact them, they say great, then again its verbal implied consent for the number to be passed to the plumber. a lot of companies are over stressing this new law.
the information commissioner even came out and said people are going overboard. he compared it to the panic over the millennium bug

 

[SparkyChick]

I added a section to my website that details what data I store, how I use and who I share it with (namely my accountant). It states how long I store it for.

I also setup a mailing list server that my clients can subscribe to (which gives consent for me to mail them if I so wish).

I also added HTTPS support to my website to secure the contact form.

Total cost to the business was about £100 in my time and the certificate.

Unless you're using your website to conduct your business (beyond a simple contact form) I would suggest your hosts are taking the mick. As best as I can tell you need a single page that states what you store, how you use it, how long it's stored for (the basics). And unless you're processing personally identifiable data for doing more than just conducting your business (i.e. meeting the terms of your contracts) you don't need anything more.

 

[plugsandsparks]

Getting lots of emails from firms that i have used that keep pestering me with spam, asking me to opt in so i can continue to receive such spam, you could not make it up. I always ask not to be contacted about "new offers, products etc" but they just ignore it, so next time i get one, its straight down to the cop shop with crime report, lol

 

[johnduffell]

Basically you have to get consent for everything you want to use the data for, if you collect the data for a quote obviously you can, but you can only keep their details for a reasonable time needed for that purpose. So if your quote is relevant for 6 months you have to make sure you delete it after that.
From a consumer point of view it's great, no more having to opt in to spam if i want something unrelated, and companies can't sell my data for advertising unless they explain it clearly and give me a genuine choice either way.
I'm sure they aren't going after Sparky's, more like Facebook and Google etc. Fines are something like 10% worldwide revenue or 20 million whichever is greater, so they aren't aiming this squarely at small businesses. Just remember whose data it is and you won't go far wrong.

 

[Toneyz]

I bet Tell's shredding up his smoke packets & beer mats as we speak.