Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is aRead more
Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is a broad list of attributes and a recent case in Germany established that vehicle chassis numbers (VIN) may also be regarded as personal data, so be cautions and treat all financial data as special category and you cant go too far wrong. The ICO will applaud the additional risk measures you will implement and customers will appreciate the additional protections you give to their data.
Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provisionRead more
Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provision of a CV/Application etc. being a requirement / condition of entering into an contract of employment).
Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensionRead more
Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensions and metrics..
The ICO had to announce its provisional intent to impose the £17m fine due to stock market disclosure regulations. It remains to be seen whether that number stays of falls (cf Marriott and BA). I agree with the view that it was unlawful. Generally, a person publishes a post to social media for a perRead more
The ICO had to announce its provisional intent to impose the £17m fine due to stock market disclosure regulations. It remains to be seen whether that number stays of falls (cf Marriott and BA). I agree with the view that it was unlawful. Generally, a person publishes a post to social media for a personal/domestic purpose, possibly expecting to engage or annoy others. A commercial enterprise, be it Clearview or another, cannot rely on that same domestic purpose. They will be using it for monetary or other purposes, mostly under legitimate interests which is a) not compatible with the original purpose for posting and b) unlawful because the individual was not informed of the collection and sue, nor allowed to object. As this goes to the heart of DS Rights an upper tier fins is appropriate. Also, there is a huge distinction between something that is ‘publicly available’ / made public and the term ‘in the public domain’, and the former does not mean its ‘up for grabs’!
GDPR and PECR
Petra
Would agree with you, this is non compliant, but it then becomes a risk based decision for management.
Would agree with you, this is non compliant, but it then becomes a risk based decision for management.
See lessData Retention for Anonymised Data? Conflicting guidance.
Petra
Not under GDPR, but as much as possible all data should have a retention period whether personal data or not.
Not under GDPR, but as much as possible all data should have a retention period whether personal data or not.
See lessAudit supplier recommendation
Jess
Hi, We have just used The NCC Group to do an audit of our data protection compliance, and I would highly recommend them. Good luck! Jess
Hi,
We have just used The NCC Group to do an audit of our data protection compliance, and I would highly recommend them.
Good luck!
See lessJess
credit card number handling – bank
DP-Pro
Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is aRead more
Hi. It would be reasonable and correct to do so. In some countries financial data are considered particularly sensitive and with the additional requirements of the PCI DSS, its easy to understand that elevation both risk and protection of these data. As you know, what constitutes personal data is a broad list of attributes and a recent case in Germany established that vehicle chassis numbers (VIN) may also be regarded as personal data, so be cautions and treat all financial data as special category and you cant go too far wrong. The ICO will applaud the additional risk measures you will implement and customers will appreciate the additional protections you give to their data.
See lessJob applications and Consent
DP-Pro
Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provisionRead more
Hi. Its unlikely that CONSENT is a valid basis because without sending a CV, the applicant would unlikely be selected for consideration and CONSENT must not be conditional nor should refusal or withdrawal lead to any detriment. Therefore, you should apply CONTRACT as your lawful basis (the provision of a CV/Application etc. being a requirement / condition of entering into an contract of employment).
See lessConfused – ‘data definitions and calculations’ – must be provided prior to contract?
DP-Pro
Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensionRead more
Er, have you/your client tried asking the contracting bank for clarification? Data Quality in data protection terms is quite different to data quality in Master Data Management terms, with a range of exotic qualitative and quantitative values applied to an eye-watering list of data quality dimensions and metrics..
See lessclearview fine
DP-Pro
The ICO had to announce its provisional intent to impose the £17m fine due to stock market disclosure regulations. It remains to be seen whether that number stays of falls (cf Marriott and BA). I agree with the view that it was unlawful. Generally, a person publishes a post to social media for a perRead more
The ICO had to announce its provisional intent to impose the £17m fine due to stock market disclosure regulations. It remains to be seen whether that number stays of falls (cf Marriott and BA). I agree with the view that it was unlawful. Generally, a person publishes a post to social media for a personal/domestic purpose, possibly expecting to engage or annoy others. A commercial enterprise, be it Clearview or another, cannot rely on that same domestic purpose. They will be using it for monetary or other purposes, mostly under legitimate interests which is a) not compatible with the original purpose for posting and b) unlawful because the individual was not informed of the collection and sue, nor allowed to object. As this goes to the heart of DS Rights an upper tier fins is appropriate. Also, there is a huge distinction between something that is ‘publicly available’ / made public and the term ‘in the public domain’, and the former does not mean its ‘up for grabs’!
See less