Sign Up

What is 5 + 2?

Have an account? Sign In Now

Sign In

What is 5 + 2?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 5 + 2?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 5 + 2?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Barry Moult

Bronze contributor
2Followers
0Questions
Home/ Barry Moult/Answers
  • About
  • Questions
  • Polls
  • Answers
  1. Asked: October 20, 2021In: GDPR

    Subject Access Request / Link to other processes

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on October 25, 2021 at 10:26 am

    Leaving under a cloud, not a good place to be in (i've been there) Giving note to leave and being allowed to leave early - Is there evidence that it was agreed i.e email or letter? SAR (imho) is a totally separate issue, legally entitled to request whether an employee or not. On a practical note. WiRead more

    Leaving under a cloud, not a good place to be in (i’ve been there)

    Giving note to leave and being allowed to leave early – Is there evidence that it was agreed i.e email or letter?
    SAR (imho) is a totally separate issue, legally entitled to request whether an employee or not.

    On a practical note. Withdraw the SAR, leave and resubmit the SAR. Don’t accept any agreement not to submit a request

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  2. Asked: May 18, 2021In: GDPR

    DSAR disaster!

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on May 20, 2021 at 8:32 am

    I agree with Hellen. Make sure you document your reason and rational of not reporting it. If questioned at a later date, you are not relying on memory for your decision. Also make sure you document lessons learnt and communicate to the relevant staff. The last point Hellen made is a good one. RevisiRead more

    I agree with Hellen.
    Make sure you document your reason and rational of not reporting it. If questioned at a later date, you are not relying on memory for your decision.
    Also make sure you document lessons learnt and communicate to the relevant staff.

    The last point Hellen made is a good one. Revisit your process, no matter how good you think it already is.

    See less
    • 3
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  3. Asked: April 26, 2021In: GDPR

    When can you say a DSAR email search is excessive ?

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on May 4, 2021 at 1:48 pm

    I had a request that turned out 17k emails. I went back to the requestor and asked if there are certain people who emails went to or from that might be of interest it dropped the number down to less than 400.

    I had a request that turned out 17k emails. I went back to the requestor and asked if there are certain people who emails went to or from that might be of interest it dropped the number down to less than 400.

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  4. Asked: April 30, 2021In: GDPR

    Data mapping document

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on May 4, 2021 at 1:42 pm

    Very little to add from what Dean has said. I would make sure everyone knows their responsibility to add to the RoPA as and when required.

    Very little to add from what Dean has said.
    I would make sure everyone knows their responsibility to add to the RoPA as and when required.

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  5. Asked: April 21, 2021In: GDPR, Privacy Management

    Legal counsel as DPO – conflict of interest

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on April 22, 2021 at 9:12 am

    Sometimes its taking a pragmatic approach, which is what you are doing. You have a knowledge and experience of current legislation. You understand the workings of the organisation and the risks. As long as you can work independently in the role of DPO and not be instructed by the organisation, IMHORead more

    Sometimes its taking a pragmatic approach, which is what you are doing.
    You have a knowledge and experience of current legislation. You understand the workings of the organisation and the risks.
    As long as you can work independently in the role of DPO and not be instructed by the organisation, IMHO I see no great issue.
    Like with everything I would document the decision making and get the organisation to own any risk of ‘conflict of interest’ (if there is any)
    I know if many organisations who have appointed less suitable persons to be the DPO.

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  6. Asked: April 15, 2021In: GDPR, Privacy Management

    Access requests for voice recordings . Is my voice alone personal data and covered by.a DSAR?

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on April 16, 2021 at 10:15 am

    Brave or foolish - Barry in answering this first You have raised some issues i have not been questioned about before (always a 1st time) I am not aware of anyone redacting voice recordings as both parties were part of the conversation. If you inform your clients the call is being recorded (you must)Read more

    Brave or foolish – Barry in answering this first
    You have raised some issues i have not been questioned about before (always a 1st time)
    I am not aware of anyone redacting voice recordings as both parties were part of the conversation.

    If you inform your clients the call is being recorded (you must), there is an expectation that the record would be available if requested. (what does your PN say?)

    The request for the recording could be that they want to challenge/query something that has been said (advice/next steps). I would find it odd only to give one side of the conversation.

    The ICO guidance (not in any detail)
    https://ico.org.uk/for-organisations/guide-to-data-protection-1998/encryption/scenarios/audio-recordings/

    Nice Guidance
    https://www.nice.com/engage/blog/mcr-understanding-the-gdpr-call-recording-rules-2531/

    Friends at iapp have commented
    https://iapp.org/news/a/how-do-the-rules-on-audio-recording-change-under-the-gdpr/

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  7. Asked: April 7, 2021In: GDPR

    Videoconferencing calls

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on April 9, 2021 at 4:17 pm

    I'm not going to disagree with the replies already made. Just another way of looking at it. An organisation might allow a member of staff to work from home rather than coming into the office, or even coming in to attend a meeting for an hour (not everyone lives next door to work). If you are in a meRead more

    I’m not going to disagree with the replies already made. Just another way of looking at it.
    An organisation might allow a member of staff to work from home rather than coming into the office, or even coming in to attend a meeting for an hour (not everyone lives next door to work).
    If you are in a meeting F2F you can see peoples response to discussions (like, dislike, approval, non approval). I would be disappointed if people sat with there backs to the discussion table or wore a paper bag over their heads. How rude.
    Is it not about respect to those in the discussion (i know some will say respect those who don’t want their camera on).
    I do a lot of virtual training and many don’t have their cameras on. i don’t know if they are listening or engaged. I do know of some who logged in never participated yet got the certificate of attendance… Naughty.
    I wonder if it will come down to company policy – camera on or come in for the meeting.

    I will get my coat

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  8. Asked: April 9, 2021In: GDPR

    Data Processor or Other Recipient

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Replied to answer on April 9, 2021 at 4:00 pm

    Hi Hellen I love your last sentence definition, i'm going to use to use it if you don't mind, sums it up nicely. "I tend to qualify ‘other recipients’ as organisations that the business is legally obligated to disclose to rather than one they would choose to"

    Hi Hellen
    I love your last sentence definition, i’m going to use to use it if you don’t mind, sums it up nicely.

    “I tend to qualify ‘other recipients’ as organisations that the business is legally obligated to disclose to rather than one they would choose to”

    See less
    • 0
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  9. Asked: April 9, 2021In: GDPR

    Data Processor or Other Recipient

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Added an answer on April 9, 2021 at 1:56 pm

    I suspect you will get a number of differing replies to this. Of course the standard reply is going to be 'it depends'. It depends what they are auditing. What will they have access to? how will they have access? In Health i have always treated auditors as 'data processors' and they only process theRead more

    I suspect you will get a number of differing replies to this.
    Of course the standard reply is going to be ‘it depends’. It depends what they are auditing.
    What will they have access to? how will they have access?
    In Health i have always treated auditors as ‘data processors’ and they only process the data as instructed in the contract.
    Would you want a data processing agreement? I’ve been there when I felt the ‘contract’ was not specific enough of what they will be doing (or not doing) with the data and insisted on an agreement. (belt & braces)
    Just think what could go wrong if its not clear 🙁

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
  10. Asked: April 8, 2021In: GDPR, Privacy Management, Professional Development

    National Data Opt Out – NHS. HELP!

    Barry Moult

    Barry Moult

    • 0 Questions
    • 29 Answers
    • 0 Best Answers
    • 29 Points
    View Profile
    Barry Moult Bronze contributor
    Replied to answer on April 9, 2021 at 1:46 pm

    Thank you Dean The NDOO is to opt out for information being used for any other purpose than originally given (i.e unless its changed - research). Information being processed by the DSCROs and sent to the CCGs will be for management purposes (planning, invoicing etc) therefore the opt out would not aRead more

    Thank you Dean
    The NDOO is to opt out for information being used for any other purpose than originally given (i.e unless its changed – research). Information being processed by the DSCROs and sent to the CCGs will be for management purposes (planning, invoicing etc) therefore the opt out would not apply.

    See less
    • 1
    • Share
      Share
      • Share on Facebook
      • Share on Twitter
      • Share on LinkedIn
1 2 3

Sidebar

Ask A Question

Trending contributors

DP-Pro

DP-Pro

  • 14 Answers
Bronze contributor
Magnus T

Magnus T

  • 7 Answers
Rising star contributor
Dave_Wylie

Dave_Wylie

  • 24 Answers
Bronze contributor
JeremyClarkson

JeremyClarkson

  • 3 Answers
d9d9d9

d9d9d9

  • 9 Answers
Rising star contributor

Recent questions

  • Ange Seivewright

    I am curious - has anyone found dashboard type software ...

    • 0 Answers
  • Ange Seivewright

    It's that dreaded time! I need to put together some ...

    • 0 Answers
  • Anonymous

    PII v PI

    • 1 Answer
  • Anonymous

    Monthly Reporting to business leadership team

    • 0 Answers
  • Anonymous

    US marketing laws

    • 1 Answer

Explore

  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler

Footer

Your privacy

  • Cookie notice
  • Privacy notice

Terms and policy

  • Acceptable Use Policy
  • Terms of Use

© 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.