Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: webwork
who is impacted
what data is or isn't included
In the meanwhiles the small guys are going to be chasing their tails wasting money and resources trying to comply while the big guys spend millions on lawyers.
- obtain their explicit consent for doing so.You don't need explicit consent in most real-world scenarios.
- if a user asks for his data to be delete, do so.
You don't need explicit consent in most real-world scenarios.
The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
In that case, informing the user that his ip will be saved should be enough?
joined:May 21, 2018
n a handful of cases so far, businesses have received cease-and-desist legal warnings along with claims for compensation in high four figures for the costs involved in the implementation of GDPR - which, allegedly, the recipient businesses in question have not implemented or have implemented incorrectly.