back to article Nine months and a lot more b*llocks to go before new EU data protection rules kick in

The UK’s information commissioner, Elizabeth Denham, has apparently become so infuriated with inaccurate claims about incoming data protection rules that she is penning a series of blogposts to “bust the myths”. The European Union’s General Data Protection Regulation - which comes into force in May 2018 - and the UK’s …

  1. 0laf

    Yep it's basically a torrent of companies trying to punt half baked 'compliance' tools and services. But ask them the simplest of questions and they really have no idea WTF they are trying to sell or what the legislation is all about.

    I've livened up many a dull afternoon messing with these guys on the phone. Cruel but necessary. Rule #1 if you want to sell me something you'd better know more about the subject/product than I do.

  2. frank ly

    In all fairness

    "The Information Commissioner’s Office guidance says that the best way for organisations to tell if it is a legitimate interest is to ask if what they intend to do “is fair”. "

    That's the sort of woolly thinking that causes arguments and problems. Why couldn't they have predicted this kind of confusion before they started and then been ready for it in a sensible manner?

    1. Anonymous Coward
      Anonymous Coward

      Re: In all fairness

      There isn't that much confusion. GDPR is on the order of 95% the same as the DPD - you can enumerate the key changes in 4 or 5 bullet points. The law isn't going to radically change. The penalties for breaking the law are. Organisations that are confused are organisations that have spent the last 20 years happily ignoring their responsibilities to their customers under the law.

      1. Yet Another Anonymous coward Silver badge

        Re: In all fairness

        tell if it is a legitimate interest is to ask if what they intend to do “is fair”.

        And how do you know it's fair ? just ask if it's a legitimate interest !

    2. Doctor Syntax Silver badge

      Re: In all fairness

      "That's the sort of woolly thinking that causes arguments and problems."

      Quite. Just what company is going to admit to itself that what it's doing might not be fair.

  3. phuzz Silver badge

    "She also noted that the ICO had yet to “invoke our maximum powers” - a £500,000 fine."

    That's not something to boast about. Perhaps if the ICO did fine more companies the maximum amount they might be a little more careful with their customer's personal information.

  4. Derichleau

    I had to ask my MP to get clarification about consent from the ICO for the DPA, and she was informed that on some occasions, consent can be obtained contractually. This is where the confusion stems. If a data controller can obtain our consent to do ANYTHING they want with our information when we agree to their terms, then what's the point? The Commissioner has to MAKE IT ABSOLUTELY CLEAR that consent MUST be obtained fairly and cannot be obtained contractually or from a privacy policy.

    Data controllers need to stop sending us direct marketing unless we specifically request it. Mailing list operators will have to call it a day and the companies that buy mailing lists should be prosecuted.

    1. VinceH

      "Data controllers need to stop sending us direct marketing unless we specifically request it."

      And where that request has been denied, absolutely must honour that denial, not disregard it and send marketing crap anyway (I recently lodged a complaint with the ICO about HSBC for doing exactly that).

      1. Alan Brown Silver badge

        " (I recently lodged a complaint with the ICO about HSBC for doing exactly that)."

        the other no-no is to honour an unsubscribe (or opt out) and then opt the person back in again a couple of years later

        I'm looking at YOU Asda.

    2. Alan Brown Silver badge

      "On some occasions, consent can be obtained contractually."

      In such cases it must be clear and provide an opt out, not buried down on page 23.

      Otherwise the unfair terms in contracts laws should apply.

      But this is england, so they can get away with anything

  5. K

    had yet to “invoke our maximum powers”

    Don't shout this too loud... This is acting as a great catalyst to get needed investment for security infrastructure.

  6. Anonymous Coward

    Sitting pretty here!

    MSFT have assured me that storing corporate data on OneDrive for Business means GDPR compliance so we're sorted. Simples!

    1. Anonymous Coward
      Anonymous Coward

      Re: Sitting pretty here!

      They forgot to mention the last bit - Its GDPR compliant for them!

      I honestly hope your joking about that.. If not, then you've just been spoon-fed the biggest load of BS.. GDPR is not about where you store the data - it's about how the data is stored, why it's stored, how it used and who has access to it. If you incorrectly configure a permission on OneDrive, then I hope you have a couple of gallons of lube, as the company will get a royal shafting.

      If you think you can palm off responsibility for storage onto M$, then think again, as GDPR explicitly states primary responsibility rests with the party who stored the data, not the service providers they were using (though there is some shared responsibility here).

      Don't worry, you're not the only one, at least 90% of the FTSE 100 believe they can offload reputation damage and responsibility by outsourcing!!

  7. Doctor Syntax Silver badge

    Company after company is pushing "self-assessment" kits to prove how under-prepared organisations are, while others are selling various widgets, gizmos and services that claim to help them comply.

    Given that so many companies have shown themselves to be unprepared to deal with what's already law and has been for a few decades not I'd have thought that anything which spurs them into activity should be considered a Good Thing.

    1. Nick Ryan Silver badge

      Unfortunately there are a huge number of organisations that will be defrauded with incorrect "advice" and bunk reasons for "further training" or "consultancy". Largely due to scare stories pushed by the media and those that benefit, as in those that sell this "training" and "consultancy".

  8. Anonymous Coward

    Monetise the FUD

    It's never going to be as rewarding as the Y2K boondoggle !

    1. Anonymous Coward
      Anonymous Coward

      Re: Monetise the FUD

      Have to agree, when I was at Uni (1999) my neighbor was a Cobol programmer and contracting for one of the big banks.. He'd do an hours work each day and then head home, and he was clearing £1000-£1500 per day.

      Saying that, I netted a nice £20k pay-rise by switching roles about 4 months ago.. moving from "infrastructure" to "security", so I dropped all user-fud, and now get to play with the cool security toys, deploy them and pass them on.. rinse and repeat, but no day is ever the same :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like