I recently researched a similar situation and came across this article: https://www.xperthr.co.uk/faq/should-employers-ask-job-applicants-for-consent-to-process-their-data-under-the-uk-gdpr/162845/ I am using legitimate interest having reviewed it.
I recently researched a similar situation and came across this article:
Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and condiRead more
Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs). General branding, logos or straplines in these messages do not count as marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.
There are many companies that provide e-learning modules with an LMS system. We've just been through the process of having a number of demos to see which suited our needs and compared the cost. Our final decision was to have our own customer built which provides us with content that is relevant to oRead more
There are many companies that provide e-learning modules with an LMS system. We’ve just been through the process of having a number of demos to see which suited our needs and compared the cost. Our final decision was to have our own customer built which provides us with content that is relevant to our organisation. Its been an interesting process to shop around and see the different styles.
Before reading Andreas post I clarified the situation with the ico. The response I received is: If the whatsapp group is under the control of the organisation, then it would be covered under a subject access request. If staff within the organisation have set up a whatsapp group, but this is not undeRead more
Before reading Andreas post I clarified the situation with the ico. The response I received is:
If the whatsapp group is under the control of the organisation, then it would be covered under a subject access request. If staff within the organisation have set up a whatsapp group, but this is not under the control of the organisation, then you would not be obligated to provide the messages in response to a SAR.
Hi, I'm not sure if this is any help at all but I've just come across an article on the ico website on consent and capacity: The UK GDPR does not contain specific provisions on capacity to consent, but issues of capacity are bound up in the concept of ‘informed’ consent. Generally, you can assume thRead more
Hi, I’m not sure if this is any help at all but I’ve just come across an article on the ico website on consent and capacity:
The UK GDPR does not contain specific provisions on capacity to consent, but issues of capacity are bound up in the concept of ‘informed’ consent. Generally, you can assume that adults have the capacity to consent unless you have reason to believe the contrary. However, you should ensure that the information you provide enables your intended audience to be fully informed. It may be that you do have reason to believe that someone lacks the capacity to understand the consequences of consenting and so cannot give informed consent. If so, a third party with the legal right to make decisions on their behalf (eg under a Power of Attorney) can give consent.
I've just been asked this question too! I'm thinking that if it was a conversation on a personal phone the data isnt being processed by the organisation and therefore would not need to be provided by company. Would anyone have any thoughts on this stance please?
I’ve just been asked this question too! I’m thinking that if it was a conversation on a personal phone the data isnt being processed by the organisation and therefore would not need to be provided by company. Would anyone have any thoughts on this stance please?
I'm looking at each department for the first steps, that way the questions/support will be tailored to the appropriate business area. Once I have a programme that is working I'm looking to expand it across the wider business area.
I’m looking at each department for the first steps, that way the questions/support will be tailored to the appropriate business area. Once I have a programme that is working I’m looking to expand it across the wider business area.
GDPR and PECR
Liz
Useful information Petra, thank you!
Useful information Petra, thank you!
See lessJob applications and Consent
Liz
I recently researched a similar situation and came across this article: https://www.xperthr.co.uk/faq/should-employers-ask-job-applicants-for-consent-to-process-their-data-under-the-uk-gdpr/162845/ I am using legitimate interest having reviewed it.
I recently researched a similar situation and came across this article:
https://www.xperthr.co.uk/faq/should-employers-ask-job-applicants-for-consent-to-process-their-data-under-the-uk-gdpr/162845/
I am using legitimate interest having reviewed it.
See lessRenewal emails
Liz
Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and condiRead more
Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs). General branding, logos or straplines in these messages do not count as marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.
https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/#directmarketing
I think this suggests otherwise? I’m even more confused now!
See lessRenewal emails
Liz
Really useful Stephen, clarifies my thinking! :)
Really useful Stephen, clarifies my thinking! 🙂
See lessHow do you get your training content?
Liz
There are many companies that provide e-learning modules with an LMS system. We've just been through the process of having a number of demos to see which suited our needs and compared the cost. Our final decision was to have our own customer built which provides us with content that is relevant to oRead more
There are many companies that provide e-learning modules with an LMS system. We’ve just been through the process of having a number of demos to see which suited our needs and compared the cost. Our final decision was to have our own customer built which provides us with content that is relevant to our organisation. Its been an interesting process to shop around and see the different styles.
See lessWhatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?
Liz
Before reading Andreas post I clarified the situation with the ico. The response I received is: If the whatsapp group is under the control of the organisation, then it would be covered under a subject access request. If staff within the organisation have set up a whatsapp group, but this is not undeRead more
Before reading Andreas post I clarified the situation with the ico. The response I received is:
If the whatsapp group is under the control of the organisation, then it would be covered under a subject access request. If staff within the organisation have set up a whatsapp group, but this is not under the control of the organisation, then you would not be obligated to provide the messages in response to a SAR.
See lessCapacity and Consent
Liz
Hi, I'm not sure if this is any help at all but I've just come across an article on the ico website on consent and capacity: The UK GDPR does not contain specific provisions on capacity to consent, but issues of capacity are bound up in the concept of ‘informed’ consent. Generally, you can assume thRead more
Hi, I’m not sure if this is any help at all but I’ve just come across an article on the ico website on consent and capacity:
The UK GDPR does not contain specific provisions on capacity to consent, but issues of capacity are bound up in the concept of ‘informed’ consent. Generally, you can assume that adults have the capacity to consent unless you have reason to believe the contrary. However, you should ensure that the information you provide enables your intended audience to be fully informed. It may be that you do have reason to believe that someone lacks the capacity to understand the consequences of consenting and so cannot give informed consent. If so, a third party with the legal right to make decisions on their behalf (eg under a Power of Attorney) can give consent.
Heres the link: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/consent/what-is-valid-consent/#what8
See lessBirthday Cards
Liz
Hi, there was a similar post back at the start of the year about sending gifts to employees. The responses could also reply to cards. Hope this helps!
Hi, there was a similar post back at the start of the year about sending gifts to employees. The responses could also reply to cards. Hope this helps!
See lessWhatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?
Liz
I've just been asked this question too! I'm thinking that if it was a conversation on a personal phone the data isnt being processed by the organisation and therefore would not need to be provided by company. Would anyone have any thoughts on this stance please?
I’ve just been asked this question too! I’m thinking that if it was a conversation on a personal phone the data isnt being processed by the organisation and therefore would not need to be provided by company. Would anyone have any thoughts on this stance please?
See lessData Protection Champions
Liz
I'm looking at each department for the first steps, that way the questions/support will be tailored to the appropriate business area. Once I have a programme that is working I'm looking to expand it across the wider business area.
I’m looking at each department for the first steps, that way the questions/support will be tailored to the appropriate business area. Once I have a programme that is working I’m looking to expand it across the wider business area.
See less