Recent content by Keith Budden

  1. Keith Budden

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    When their legal counsel tells you otherwise, what are they saying? Are they saying they are joint data controllers?
  2. Keith Budden

    SOS ....

    You also need a clear data processor/data controller agreement with each of your clients, so that the boundaries of what each of you can do with the data are clear. When you say you are given data by your clients which you return back to them, how does this transfer take place and how is...
  3. Keith Budden

    next of kin

    To answer your question in reverse order, it is the next of kin in that instance who is the data subject (since it is their phone number etc), however I think both for the freelancer and the next of kin you could probably make a successful argument that both fall under the vital interest clause...
  4. Keith Budden

    Mandatory Marketing emails for contracted customers?

    If they have a contract with you, and your contract states that you will send these materials to them (and that clause was there when they entered into the contract) then you don't need additional consent from them, but this has to be part of the contract, you can't make the consent button on...
  5. Keith Budden

    What _exactly_ is health data?

    My personal view would be to play safe and treat it as health data. Although it is relatively low level, my guess is most of us would not want the outside world to know whether we were sleeping soundly in our beds at night or not.
  6. Keith Budden

    Collecting business cards at trade shows

    I would say 1. this is fine, and what is expected when you hand over a business card. However your first communication with them should ask for positive response that they want to continue to hear from you, it is not enough to simply have an unsubscribe option (although that needs to be there...
  7. Keith Budden

    Facebook pretends to comply with GDPR

    If you read the Register article again you will see it is only the Non-EU users' accounts it has moved to California. That makes sense as GDPR won't apply to them anyway.
  8. Keith Budden

    Bare minimum info

    No I don't think you'd need to record the call. It would probably be worth keeping on the customer record the date and time they first called though so you could track it that way. Yes you would need to advise about the payment provider and the courier. Again I would cover it off in as few...
  9. Keith Budden

    Bare minimum info

    Correct re legal reason, but you would also probably satisfy the contractual reason too. With phone orders, theoretically yes - hopefully it could be covered off in one sentence. If you have a phone system which already tells people calls may be recorded for training purposes etc, you could...
  10. Keith Budden

    Facebook pretends to comply with GDPR

    Theoretically at least the EU Information Commissioners could take two possible actions - one they could mount a criminal case against Facebook, and given that the maximum penalty is 4% of global turnover or €20 million whichever is the greater (and in the case of Facebook that puts the maximum...
  11. Keith Budden

    Facebook pretends to comply with GDPR

    If it's data re EU citizens it doesn't matter whether they are storing it in Lewisham, Venice, Los Angeles or the Moon, they still fall under GDPR, it's where the person is that is the overriding factor, not where the data is.
  12. Keith Budden

    Google Analytics, FB Pixel, Adwords Retargeting - What is needed?

    Ideally you should have your website code such that if they don't consent to the Facebook pixel or the Google cookie, your website doesn't run the JavaScript which plants the pixel/cookie for that user. I say 'ideally' because it really depends how your website is structured, if you're using a...
  13. Keith Budden

    Best way to make large legacy email list compliant

    I would advise B) --- yes you probably will lose a reasonable proportion of your list, hard to be specific but on clients I've worked with on GDPR (over 80 now), the drop off rate has been closer to 40% than 90, but it's impossible to give a generic figure as it does depend so much on where the...
  14. Keith Budden

    Some advice needed please!

    Fully agree with what Simon has said above. You are the data processor in this instance and should have a data controller/data processor agreement in place with each of your clients.
  15. Keith Budden

    Loss of Parcel/Missing Document Enclosed Label

    Technically - yes it's a data breach. Just keep a record in your data breach register.