Recent content by Mike Etherington

  1. Mike Etherington

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    Most of our delivery firms agree they are a sub processor to our processor of info provided to our customers by their customers :-) And signed agreements to confirm. TNT and DHL are quoting old DPA statements from 2013 and before, that state they are always the controller. don't see how that can...
  2. Mike Etherington

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    Nobody? Also if we are drop shipping to the customer of our customer - we are processor and TNT are sub processor - what agreement to we therefore need with them in that case? This could turn into a million different contract changes!
  3. Mike Etherington

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    I just spoke to the ICO helpdesk! They agree with my assessment that in the way we use TNT they are the processor and we are the controller of the personal data that is needed to make a delivery. This is the opposite of what TNT's legal counsel told me :-) Anyone else had dealings with...
  4. Mike Etherington

    GDPR - don't forget your staff need a privacy policy too

    No, you don't need consent, but you do need to show staff what info you have, what for and the legal basis (mostly legal obligations or legitimate interest of being an employer). An update to the handbook, shared with staff, also ensuring they know THEIR obligations and your register of HR data...
  5. Mike Etherington

    DPA or GDPR

    Well if GDPR date is May 25 presumably the previous one!
  6. Mike Etherington

    Links back from reputable websites

    My understanding is that link backs are still considered by google when ranking sites. However the most important thing is the content of your site. All the old "SEO" tricks are mostly irrelevant now though common sense things like <title> and <description> and <alt> tags on images still have...
  7. Mike Etherington

    Soft Opt-in / Legitimate Interest ?

    My understanding is the same as twaen - you cannot really get away with the previous opt ins as they are not compliant. Sounds like you could easily email those you have and ask them to opt in using a compliant message. you'll lose a bunch but they don't want to hear any more anyway so a...
  8. Mike Etherington

    GDPR - don't forget your staff need a privacy policy too

    If anyone has sample contract changes for suppliers and customers I'll swap my HR stuff which is more or less done :) (Letter to employees, privacy policy fro employees and HR handbook updates).
  9. Mike Etherington

    After some advice

    I suspect there are tons of examples of "emails about people", both employees, potential employees, ex-employees and more!! The principle we are promoting is to assume the person being discussed will see the email! And to make sure communication about individuals is objective and has a purpose...
  10. Mike Etherington

    SOS ....

    This question is coming up a lot. When personal data is passed from controller to processor who needs to do the agreement? And what else is needed? Does the controller write an agreement for the process to sign? does the processor do it fro the controller to sign? Does anyone need to sign...
  11. Mike Etherington

    Best way to make large legacy email list compliant

    Or D) Something else :) One of my clients is physically calling all contacts, they are a phone based business. They are reconfirming all marketing details by phone then the system generates an email to confirm to the customer what consent was given. The customer can change the info at any time...
  12. Mike Etherington

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    No, they say they are the controller in their own right! Doesn't seem to make sense to me. I would have said our customer (who takes the end user order - and address details), is the controller, they order the actual product from us and ask us to deliver on their behalf. So we take the...
  13. Mike Etherington

    General GDPR wording for supplier/customer contracts

    Reading this forum it seems like we are all doing the same things and asking the same questions. I guess that's not a surprise really. Having done HR, privacy policy and a load of marketing, I'm moving onto supplier and customer contracts. Anyone got a form a words to share on either of those...
  14. Mike Etherington

    Anyone solved the GDPR actions with TNT or folks that deliver for you?

    I was under the impression TNT would be a "data processor" for us, the "data controller" when we pass our customer details to them in order for them to deliver to the user. Their legal counsel tells me otherwise. Like everyone else we are trying to update our documents/contracts etc to be GDPR...
See more
Top Bottom
Community
Articles
Menu