back to article Info Commish offers privacy addicts a 12-step GDPR programme

Data privacy addicts are being urged to take a 12-step programme – by no less than the UK's Information Commissioner's Office. The ICO, which is the Brit government agency responsible for enforcing Britain's rather weak data laws, has issued guidance for companies to seek redemption ahead of the EU GDPR rules coming into force …

  1. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      Re: Online Law Needs Reforming

      Prove that you did not leak or loose those details?

      1. This post has been deleted by its author

        1. Doctor Syntax Silver badge

          Re: Online Law Needs Reforming

          "The issue was that my credit card(s) were visible, but expired"

          Whoa there! Isn't that contrary to all manner of regulations, merchant T&Cs etc? You could use that to demand answers or else but if you did I'm sure the evidence would disappear PDQ.

          And incorrect data under your account? Someone suggested the other day that if the company refuses to answer questions on account the the DPA, ask them for the section of the Act they're depending on. Although in this case I'd make them a counter offer - thery can answer the ICO's questions instead because unless I could get satisfaction that would be my next port of call. Failing to maintain proper business records is probably an offence under company law.

          1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          Re: No worries about the downvotes.

          As said, you do sound legit. But the chances of M&S getting "hacked" verses loosing a laptop with a login details somewhere/leaving a pc on and family using it is much much higher.

          Again, I don't doubt you. Also I do know how easy it would be for an employee to type over details (I have no idea if M&S system allows it, but I have seen other firms where staff just typed new account details in any box, including old or existing customers).

          So while you may or may not be right, the odds are sadly against you from M&S point of view, and any public (me) who hear your story. Only you and the other person, if self observant enough, know if you left your details/account info somewhere to be gobbled up.

          However, if you are certain you never left them anywhere, then I'd assume it was a postcode search error, and the customer assistant stupidly typed over your details. That should get you a hamper + a nice £50(?) and apology letter. But that would require M&S admitting error... fat chance!

  2. LeahroyNake

    Nice link

    Thank you for linking to the ICO guide.

    Seems simple enough to follow and will at least show that we have done something and are trying to conform without having to hire someone in. Speaking from the point of view as a small business with less than 50 employees.

    1. itguy

      Re: Nice link

      @LeahroyNake so long as you are not doing anything fancy with your data, GDPR is more than manageable by a small business. You do need to make website changes and you do need to educate your staff on what's ok and what's not. Start with the record keeping as that will tell you where the gaps are.

    2. Anonymous Coward

      Re: Nice link

      It can be summed up very quickly for a small business (and most others really)

      If you don't need it in the first place; don't ask for it

      If you don't need to store it; don't store it.

      If you do need to store it; protect it.

      1. Sir Runcible Spoon

        Re: Nice link

        And have a procedure/policy in place if someone requests what info you have on them or ask you remove their information from your system.

  3. EnviableOne Silver badge

    Old news

    The ICO 12 steps to GDPR have been out since 2016

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like