Re: You're not supposed to kill the goose
Tell that to the care workers, the pharmacy locums, the lorry drivers who are also now deemed inside IR35.
84 publicly visible posts • joined 19 Jun 2009
You might want to read what the ICO say about Consent not always being required and, in fact, not relying on it if there's something else more appropriate:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/
Not necessarily. Depends on why they share the info, as for some non-marketing purposes they don't need consent. It's the legitimate business interest argument - when you apply for a mortgage, they could ask for all sorts of ID to prove your identity, or they can choose to go off to a checking service and get the info that way. It's a more efficient way of doing it, and they don't need consent provided they tell you that as part of the application process they'll be doing it.
GDPR requires that if a request is made electronically, then it must be responded to in electronic format, unless otherwise requested. He doesn't say what format he used, but assuming he requested email then:
the response should have gone either to a secure portal to which the genuine account holder had access, or could be given access
or the response should have been sent securely, and if by email then encrypted and 2fa used to provide the genuine account holder with the password
In either case, the genuine account holder should also have been provided with an acknowledgement of the request, which would have alerted them to such a request.
How do they propose linking social media identities to registration numbers? Will it be a mandatory field next time you register a vehicle?
Even if the technology worked, which it doesn't, such remote coverage only lets you identify that an offence was possibly committed, and not the prevention of such offences. By the time the system has flagged that car reg 'SMUGGL3RS' has made ten trips across the border and turned right round again, there are ten smuggled loads of whatever in circulation. You can stop the 11th, and prosecute for it, but by then there's another hapless mule lined up and the crooks have made their money.
No use to anyone though. If the keyboards are second hand, it only tells you who used them at some point in the past, not who dumped them. Even then, it only identifies that pool if their DNA is already on file, unless you're going to have a dragnet and sample everybody with at least one arm within 50 miles of Craven.
Unfortunately the ICO can only fine them £500k, and as the card details seem to be in line with PCI that alternative is out too.
Now if this had come a year later when GDPR is in effect and the maximum fine ramps up to the greater of £20m or 4% of turnover, it may have been different...
While they may not know that this applies to them, one would expect that they had something in place to review legislation and determine whether they are or are not in scope of it, on a regular basis.
I think that leaves two possibilities:
1) They are incompetent, and genuinely have no idea what regulations apply to them
2) They know which regulations apply to them, but wilfully ignore them.
Which is it?
Apple will have specified the performance parameters when they went to the suppliers. If they did, and the products are within those, then there's no problem. If they didn't, or they aren't, then there's a problem. I can't see Apple making such elementary mistakes, but stranger things have happened.
Nothing has changed.
Failed to collect direct debit
threatened to cut off service as a result of not collecting payment
agreed not to cut off service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off
cut off service
reinstated service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off and DD was now set up correctly
If you break into / illegally access a server or system, then you're prosecuted in the place that the server or system resides.
To put it another way, if I co-ordinated a bank robbery in another country, where would I be tried? I'm fairly sure it wouldn't usually be in Britain.
Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say 'British Data Protection Regulation' instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to the same in all but name, allowing for fairly minor amendments acceptable to the EU.
The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be being enforced before we've managed to exit the EU.