UK Government Throws GDPR Out The Window?

Forum Moderators: open

Message Too Old, No Replies

UK Government Throws GDPR Out The Window?

RedBar

1:02 pm on Jun 23, 2020 (gmt 0)

The UK is relaxing its Coronavirus recommendations from 4th July 2020 but at what price for privacy and GDPR?

Most of us here know all about this issue however the BBC has written this:

Restaurants and pubs can reopen. All hospitality indoors will be limited to table service and with minimal staff and customer contact. Customers will also have to give contact details when they enter

[bbc.co.uk...]

Deails? Really? Really? You want MY contact details? Precisely what details?

Do I need to mention who is storing, them, how, where etc, who is responsible for this DATA?

Has anyone considered this?

engine

3:34 pm on Jun 23, 2020 (gmt 0)

The news is that there's a 12-page document explaining that it still applies.
PDF [ico.org.uk...]

Take a look at the Coronavirus Act 2020 [gov.uk...]

However, unlike, I believe, Hungary, I don't think there is a rule suspending GDPR.

JorgeV

4:32 pm on Jun 23, 2020 (gmt 0)

Hello,

In fact, Governments (of any country) , have no real idea of what is the GDPR really is. They have a loose idea, and only mind when it applies to others than themselves, when it can bring money in.

tangor

8:12 am on Jun 24, 2020 (gmt 0)

Wash your hands.

The GDPR was/is so arcane and complex that it can be interpreted in a zillion ways. No wonder there's confusion afoot.

engine

11:50 am on Jun 24, 2020 (gmt 0)

The GDPR was/is so arcane and complex that it can be interpreted in a zillion ways. No wonder there's confusion afoot.

It's not like that at all.
It's don't break the local law, collect data only for a specific purpose, retain data for as long as the purpose is required, state the purpose, don't collect unnecessary data to achieve the purpose, data accuracy and correction, delete when no longer necessary, data security and protection. That's all in a nutshell. It's all very obvious.
If an organisation doesn't look after a users data, that's where the glamorous bit comes in where fines are imposed. Again, all very obvious.
If I borrow your lawn mower, I don't want to leave it out front of the house and unattended for it to be stolen. If I am careless with it I will have to pay a fine, and in this case, buy the owner a new lawn mower, and perhaps a bottle of wine to apologise.

tangor

7:29 am on Jun 26, 2020 (gmt 0)

Pretty sure that user data is not a lawnmower. BTW, the user comes to "you", not the other way around.

Your example is covered in law under "reasonable care and control" ... GDPR is not required in that regard.

HOWEVER, GDPR does address something different: requirement of visitor data held (collected without visitor consent). Previous privacy protections were already there, the difference is applying an additional burden on the COLLECTOR of such which was frosting on the cake with a bit of financial hurt applied beyond the existing legislations world wide---and TARGETED at multinational tech companies.

The confusion is "who does this apply to" and the answer is "only if you are big enough to pay fines."

piatkow

9:37 pm on Jun 28, 2020 (gmt 0)

GDPR doesn't have to be suspended, if there is a legal requirement to gather the data then GDPR allows you gather it,

Restaurants gather some of this data every day whenever they take a booking.

Most outlets are just going to put this data in the hardcopy diary that they keep by the phone for taking bookings.