Dirk
Forum Replies Created
-
Posts
-
This reply has been marked as private.This reply has been marked as private.
claim listing update came today? Could you please explain what is exactly missing in the GD framework and what is the roadmap as we are all a little bit late?
This reply has been marked as private.About the right for portability:
There is/was a WP (working party/group) about this topic related to Art. 20 GDPR:
https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp242_en_40852.pdfFirst, data portability is a right to receive personal data processed by a data controller, and to store it for further personal use on a private device, without transmitting it to another data controller.
Only personal data is in scope of a data portability request. Therefore, any data, which is anonymous or does not concern the data subject, will not be in scope. However, pseudonymous data that can be clearly linked to a data subject (e.g. by him or her providing the respective identifier, cf. Article 11 (2)) is well within the scope.
I recommand to read the corresponding annotation of the working group to get a better understanding of what is meant with all this 🙂
claim listing addon: there was no update for this addon.
This reply has been marked as private.This reply has been marked as private.This reply has been marked as private.This reply has been marked as private.Hi Stiofan,
I’m working in a big midsize company and we have our own data protection commissioner and also a company lawyer. This is what counts for me. No WP team and also no team from GD (and I guess you are not a lawyer).
Your statement for potential fines is incorrect. If you have a leakage and have not done it correctly you will be punished (financially) hard. There is no excuse that a WP team had a different view on the things.
As I mentioned above I will wait what we will have. And each one needs to have a records of processing activities. This is a must and not an option in GDPR (Art. 30). If you don’t have it and you have an audit from the official authorities, this can have huge impacts on your company or you as a person.
Based on the list of processing activities everything is derived. Depending on the personal data you are processing different state of the art technologies has to be implemented.My view on this topic is always to think if you are introducing a GDPR related processing activity if this is really helpful for the user. If not or is nice to have, don’t do it or have a switch to disable it (here again about the auto-draft function). I would never store at this moment an IP on this auto-draft. There is no reason to do so. I will implement for WP that in such a case always 127.0.0.1 will be returned. Please be aware if you are implementing something based on auto-draft function the IP might be anonymous by someone. Then it might be a weird behaviour that everyone is getting a message about an existing auto-draft.
BTW: This is my personal (and together with some experts) view on this topic. Other in different environments might also be suitable. It is in each responsibility to realize the GDPR. Most of the things are nothing new and should be already available.
Best,
DirkHi Stiofan,
text for the privacy policy, integration into the export/erase tools and to have some consent management is one part and might not get you GDPR compliance. I will wait until you are finshed and will check with my lawyer what we have. At the moment I get the feeling when I’m listening to my lawyer that this will not be enough to be compliant at all.
At the end I need this records of processing activities anyhow (this is law) and we are now finishing collecting all information. We have not yet decided on what level we like to finsh this regarding the website. One open point is the granularity of the use cases (processing activities). Is “calming a list” one activity or is the whole directory one activity. We are soon be ready to do this decision.
If “claming a list” is an activity, then we need the above mentioned information from your side about the processing of personal data in each step.This is also a reason, that I don’t like this function in GDv2 where you store the IP when visiting the add place, because we are then in the whole topic of GDPR.
For me GDPR is to rethink of what information we are collecting and to limit this to the lowest level. If it is not really needed, don’t collect the information (like IPs etc.).
Best,
DirkMy requirement is still to have such kind of message and the feature to refill the fields as an option.
Best,
Dirkto be more precise: I don’t have a usecase for the feature:
1) Visit the add place page start editing
2) leave the page
3) Revisit the add place page and continue to editSo, I don’t need this feature. If you are talking about a usecase like SPAM protection, I agree that this is a must feature. But this is a different usecase to the above and no need to give the user a message/feedback or even to refill the fields.
Again, this feature like it is implemented at the moment is confusing a user as described above.
Best,
Dirk
