> off topic advice regarding GDPR
duncanmatthias
post Mar 9 2018, 02:39 PM
Post #1


Hero
*******

Group: Administrators
Posts: 2,010
Joined: 29-November 07
From: Tonbridge, Kent
Member No.: 188



I would be very interested to have a chat with someone who from a professional point of view is well versed in the minefield that is the new General Data Protection Regulation that comes into play in May

thanks

Duncan
Ryan
post Mar 9 2018, 02:46 PM
Post #2


Legend
********

Group: Members
Posts: 4,810
Joined: 23-June 08
From: Essex
Member No.: 574



QUOTE(duncanmatthias @ Mar 9 2018, 02:39 PM) *
I would be very interested to have a chat with someone who from a professional point of view is well versed in the minefield that is the new General Data Protection Regulation that comes into play in May

thanks

Duncan


I have some knowledge - been dealing with clients’ fears for a few months now and have access to some really useful PDFs from work I can pass you.

If no one more “expert” comes forward give me a call.
Trickyz
post Mar 9 2018, 03:13 PM
Post #3


Heldsman
*****

Group: Members
Posts: 795
Joined: 22-February 14
From: Sidcup
Member No.: 3,369



Hi Duncan,

I am the Data Protection Officer for the companies I work for and I have just finished writing our GDPR policy. I would be happy to share the information with you over the weekend.

In addition to a DPO you will also need someone who is very conversant in IT security for the digital data protection elements including data mapping etc.

In any event we can chat over the weekend.

Many Thanks

Richard



--------------------
Richard Eden (Real Life Human)
Rangar
General Arkus (Mystic) 1,050pt - Big Hat
Baltar (Ggrutuck Warrior) 450pts of naughty
Warf (Ggrutuck Artificer) 100pt - Massive Horns
Twitch (Twilight Elf) 100pt - Twitchy and useless
Strike 100pts of I am not telling but no he is not an AP
Forefallen
post Mar 9 2018, 03:21 PM
Post #4


Militiaman
****

Group: Members
Posts: 467
Joined: 2-December 14
Member No.: 4,026



I am familiar with the IT side of data protection as I manage stuff like that for work.

I'd be happy to give you the material I have on it if you'd like.


--------------------
Tarek - Ishmaic Psi/dancer Golem -
Kurai - Amlesian Monk
Jata - Amlesian Troll Shaman
Laurelion - Ebony Drave Silver/Jade Wizard
Killian - Half Dark Elf Red Warlock
Joshua De Fontaine - Healing Pure Priest
Sun'so - Amlesian Wizard
Amatir - Mortimancer
Sparek - Black/Brown/Silver Faerie Blanket
Alfie Autumn - Human Mystic with a twist
Hilliam Wunt - Lets not talk about this one...
gormaden
post Mar 9 2018, 03:57 PM
Post #5


Mercenary
******

Group: Members
Posts: 1,584
Joined: 14-April 12
From: under a rock
Member No.: 2,327



Have a look at :
https://ico.org.uk/for-organisations/resour...gdpr-resources/
https://ico.org.uk/for-organisations/busine...tion-gdpr-faqs/
https://ico.org.uk/media/for-organisations/...pr-12-steps.pdf

So from the PDF - point 8

Children "You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity."

An immediate example I can think of: you need a database of dates of birth so you know the age of young players so you can ensure no one under age is playing.
Additionally you have the appropriate processes in place to ensure that YP are supervised by people that have passed their CRB checks.
Therefore that's why you have a list of people that have CRB checks passed.


--------------------
Marcos
Lucien Hollowfall - Phoenix Warlock
Flint - Ratfolk "warrior"
Huskar - The KRAKAN
Boglo - Weapons Priest
Borin - Elder Fey Blue Mage
atem55
post Mar 9 2018, 08:03 PM
Post #6


Levy
***

Group: Members
Posts: 100
Joined: 19-October 15
From: Southampton
Member No.: 4,528



Seems like you have plenty of resource already, but I'm the Data Architect for Aviva Health and am fairly heavily involved with our GDPR project.

Carl


--------------------
Cathbad Dannan - Human Druid/Arch-Druid
Morgrain Ironfist - Dwarf Warrior -
Zannifar Al'Azim - Ishmaic Rain Fire Warlock
Vladik Kovak - Baronial Circle Psi-Master
Trellis D'Tarn - Warrior Priest of The Lady of Stars and Skies
Martinj
post Mar 10 2018, 12:11 AM
Post #7


Mercenary
******

Group: Members
Posts: 1,870
Joined: 21-October 08
Member No.: 734



QUOTE(Trickyz @ Mar 9 2018, 03:13 PM) *
Hi Duncan,

I am the Data Protection Officer for the companies I work for and I have just finished writing our GDPR policy. I would be happy to share the information with you over the weekend.

In addition to a DPO you will also need someone who is very conversant in IT security for the digital data protection elements including data mapping etc.

In any event we can chat over the weekend.

Many Thanks

Richard


Actually, I don’t think Duncan would need a DPO (from the FAQ):

Does my business need to appoint a Data Protection Officer (DPO)?
DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO.

I recommend taking a look at the FAQ and Key Changes. There’s a lot of misunderstanding around the legislation - there are some significant changes (especially size of penalty, and right to have data deleted), but much of it is pretty close to the existing Data Protection Act.

I hasten to add that I’m not an expert, but have spent considerable time discussing GDPR, DPA and data with IT suppliers, lawyers and others. I’ve also taken an SME most of the way through ISO27001.

Happy to help if needed, and will be quick to say “I don’t know” if I don’t! I would strongly suggest you take Ryan up on the offer of his PDFs!
whiteknight
post Mar 11 2018, 09:00 AM
Post #8


Mercenary
******

Group: Members
Posts: 1,420
Joined: 10-August 12
From: Billericay
Member No.: 2,472



Duncan,

You will not need a DPO.

For my sins I am the compliance man amongst other things. I have already completed our GDPR work and all signed off by our Legal people in the City.

The difficult part is sitting down and putting the pieces of the jigsaw together and then evidencing the fact that you are compliant. I have templates I have designed but without the knowledge part they won’t mean very much on their own - Information Asset Register, Data Flow Maps, privacy notices etc.

The data you hold on children is minimal so don’t let anyone worry you to death, also you don’t send marketing emails or sell your data on so you don’t have a huge network to worry about.

Happy to offer you time on this but I think you’d need to come to me and sit down over a few evenings to get it done.

Richard


--------------------
Sh*t - Son of Git, Squire of the Order of Dragons - 7K
Fitz Blizzard - Winter Elf Scout - 325 points
Nibs
post Mar 11 2018, 09:56 AM
Post #9


Militiaman
****

Group: Members
Posts: 616
Joined: 19-February 08
Member No.: 388



I designed and built the GDPR solution for corporate governance software.

You have fewer than 250 employees so Article 30, the one that goes on about all the details you have to keep about why and how you have the data, probably doesn't apply. Article 30, paragraph 5:

"The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10."

Paragraphs 1 & 2 are the ones that list all the stuff you have to keep to show why and how you have the data.

Admittedly the solution I built is mainly to do with recording just such information so there will be other obligations in the Regs that I haven't bothered with :)


--------------------
Nibs
Plays:
[REDACTED] Tarkin (Black Seer)
Tubbs (750pts Border Friar)
Shugoki (250pts Amlesian ogre magi warrior of the jewel)