Confused – ‘data definitions and calculations’ – must be provided prior to contract?
Stephen Lark
Thanks for your response. This was my first response too however the deadline had passed for asking questions!
Closing a DSAR
Stephen Lark
In this instance I would charge a fee for further work on the SAR; this is likely to quell their enthusiasm. It is perfectly acceptable to charge a fee for work that goes above and beyond what is reasonable.
Renewal emails
Stephen Lark
Lawful basis would be contract and service message. However once the subscription expires then the lawful basis would be Legitimate Interest and marketing.
Personally I continue to use contract for a period of 1 month after expiration. If I hear nothing from the ‘member’ after this period it’s usually safe to say they are not looking to renew.
UK company providing GDPR training for employees?
Stephen Lark
Sounds like it is a company-wide initiative so in this case I would use one of the ‘security awareness providers’ who as part of the solution provide phish testing emails, hundreds of videos on GDPR and other security-related topics, and importantly a delivery mechanism to ensure employees are engaged. Employee engagement is key and very difficult to achieve. If a breach were to happen the ICO will ask the question – ‘When were your employees last trained?’ – so you need evidence of a program rollout and employee engagement.
We use KnowBe4 as they have the largest video content and then include a services wrap for cyber security training sessions and to deliver the phish email tests.
In the spirit of openness on this forum you could choose from between 10 and 20 mainstream vendors, all of which would fit the bill.
I would recommend the specialist GDPR companies only if you want specific individuals, such as a DPO, to get some certificates.
UK company providing GDPR training for employees?
Stephen Lark
Yesterday I wrote a full response but it got blocked. Wonder if the fault has been corrected.
Loyalty schemes
Stephen Lark
If they are your customers then you already have a basis for processing and storing their information however that will not by default include other purposes such as loyalty schemes.
You are best advised to seek consent to further process their information for a loyalty scheme.
ROPA/PIA SaaS solution
Stephen Lark
I’d echo Egil, and like Egil, I’m not truly objective as I am in the process of gearing up to use/promote PriviQ. They are new to the UK but established in other geo locations. The key for me is the price which you can see on their website. Happy to arrange a demo.
For sure you cannot go wrong with DPOrganiser – it does what it says on the tin.
I don’t know Keepabl
Like all purchases – due diligence is key
Extracting emails and duplication of data in SARs
Stephen Lark
I’ve never heard of SmartBox so checked them out. I’d be careful as parts of their website are still in Latin and their cookie ‘more info’ button takes you to a marketing company’s page that drops more cookies. I’m sure they are a good company but it tells me they are resource stretched at present which may affect product development, response and support.
As the others have said – due diligence is key.
Finding emails is easy, redacting and preparing for submission to the requestor is not and sadly the cost of doing so in an automated fashion is very expensive.
I’m sure you have not but don’t forget your unstructured data too.
We do have a commercial arrangement with a company called Guardum which is top of the tree when it comes to DSARs. If you want to know more let me know.
PECR – Marketing and service emails
Stephen Lark
HellenB is spot on. If you do not have valid consent I would suggest trying the following:
Email the ladies explaining the project and the primary purpose is a positive outcome for women in that industry but highlight openly that the long term results will likely be a raised profile and promotion of the charity itself.
Explain that you are looking for testimonials and focus group engagement only and as such are seeking one off consent to participate in this initiative.
Reassure that existing communication preference will remain unaffected.
This is what I call the pragmatic approach and has served me well so far.
Cookies and legitimate interest
Stephen Lark
LI does not require consent and it is the industry’s way of circumventing the current cookie regulations that require consent.
Most that do this have an ‘object to all’ button but it is important to realise, which most people don’t, that you need to hit two buttons not one!
At present there is nothing you can do about it save use a different website. The worst are the media companies and the likes of Formula 1.