Welcome to WebmasterWorld Guest from 52.91.39.106

Forum Moderators: webwork

Featured Home Page Discussion

GDPR a Year on: 200,000 Cases Received By Data Protection Authorities

     
12:05 pm on May 28, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26110
votes: 943


A year on from when GDPR came into force, over 200,000 cases have been received by the Data Protection Authorities.
Ireland's Data Commissioner has taken the lead into many of the major investigations, primarily because most of the major Internet-based businesses have registered offices in Ireland. It has 19 major investigations ongoing, including Facebook, WhatsApp and Instagram, Twitter and LinkedIn, and Google, and others.

[bbc.co.uk...]

Earlier stories
Microsoft Calls For GDPR-Like Privacy in the U.S.A. [webmasterworld.com]
Study: Ad Trackers Losing Reach in Europe After GDPR [webmasterworld.com]
Brave Browser Files Privacy Complaints in GDPR Test Case [webmasterworld.com]
The Best GDPR Resources (NOT Generic Overview Articles) [webmasterworld.com]
12:33 pm on May 28, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2548
votes: 717


Hooray! Great job, what an amazing success. High fives all around...

The bureaucratic make work project has created thousands of jobs for pencil pushers and lawyers, it has imposed significant hurdles for small and medium companies further strengthening of the big tech companies' market positions, it has done nothing to protect the privacy of individuals in any meaningful way (evidenced by the constant stream of data leaks from FB and others), and finally it probably hasn't collected a penny of the 56M Euro fines imposed.

It should also be noted that 56M Euro may seem like a big figure but it is likely 2 fines, one for 50M to Google and then some amount to another big-tech company, inconsequential. However, they don't report to cost incurred by all the small companies.
12:58 pm on May 28, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2936
votes: 188


@nickMNS entirely agree. Its far too much of a burden for SMEs who are not the problem. There is no good reason they could not exempt companies with (comparatively) limited amounts of user data and not involved in trading personal data. They just do not care about small business (as with things like VATMOSS).
2:47 pm on May 28, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Nov 13, 2016
posts:760
votes: 150


Its far too much of a burden for SMEs who are not the problem. There is no good reason they could not exempt companies with (comparatively) limited amounts of user data and not involved in trading personal data.

Agreed. In the other hand, you can see that no SME are targeted by investigations. It doesn't mean that SME cannot be liable and get problems of-course, but, things are not automatic. Data protection authorities know how to make the difference, and they focus their work on big platforms. I am 99% sure that if tomorrow, such authority comes to you because of an issue, they won't fine you. They'll just issue you a warning, and point to you what you are failing to do.The regulations have been made to include all businesses by "anticipation", because you know how some are smart at abusing laws and playing with the words. So if an SME is doing something very fishy , they'll get threaten like the big players. Otherwise, I am confidence that if a SME is showing good will and showing it's doing its best , this is fine. So don't freak, try your best, and this will be fine.

Now, to have a positive vision of the GDPR, this is also making professionals to be aware of data protection. I am sure that lot of businesses didn't pay too much attention at how they were handling and protecting data. Now, they are. And this is good for everybody.
5:35 pm on May 28, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2548
votes: 717


you can see that no SME are targeted by investigations

Where exactly can you see this? It is much easier for the bureaucrats to promote their action against the big player than the small companies. They reported 94000 complaints, those are not all targeted at Google and Facebook.
11:07 am on May 29, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2936
votes: 188


I think it is true that they are not really interested in going after SMEs BUT the lack of an explicit exemption means SMEs do not want to take the risk so they spend the money anyway.

A number of my clients have asked me to make changes to comply with GDPR.

On top of that, it does not stop with websites - CRMs for example need to comply, so do all sorts of other internal systems.
6:22 pm on May 29, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Oct 14, 2013
posts:3188
votes: 473


500,000 New data protection officers


Pardon? Half a million new "employees", presumably by the EU?

Half a MILLION?

Where, Ireland?
7:10 pm on May 29, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9713
votes: 925


The purpose of any bureaucracy is to grow itself. :)
7:43 pm on May 29, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Oct 14, 2013
posts:3188
votes: 473


Yeah, especially when it's someone else's money but still, 1/2 million new officers, that's almost 1/3 the size of the UK NHS and everyone here knows someone who works in the NHS yet a GDPR officer?

It can't be Ireland since their unemployment rate in April was 4.6% with a total of just under 130,000 and a year ago was 5.9%, clearly not enough bodies to go around however I did find this probable explanatory article:

According to the International Association of Privacy Professionals, more than 500,000 data protection officers have been appointed at firms across the world


Ah, so that makes things clearer, 1/2 million new jobs have been "created" by companies to try and comply with GDPR ... Darn good job that it's a tax deductible expenditure:-)
10:11 pm on May 29, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9713
votes: 925


Ha! The chuckles just keep coming!

Some pols in Brussels decide things need to be this way, and the rest of the world has to take on new expense to address the buffonery. That's not job creation, that's killing companies by the death of a 1,000 unnecessary employees!

</satire off>
1:01 pm on May 30, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1797
votes: 52


I detect some are not in favour of the GDPR.
Me I like that organisations holding my personal information now ought to take some care with it.
1:22 pm on May 30, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2936
votes: 188


@Mark_A I (and I think other people) do not have a problem with the principle behind GDPR, but with the implementation.

It is needed to control companies like Facebook, but it is applied to everyone. A small business which stores server logs and the personal details of a few thousand customers, and uses the data only iternally is not a problem.
7:12 pm on May 31, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9713
votes: 925


I've slept since then, but isn't there a threshold where GDPR kicks in?

Seriously, there have been so many conversations/articles that this old curmudgeon could have "false memories" ...

(off to read GDPR again)
6:59 pm on June 1, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1797
votes: 52


@graeme_p
A small business which stores server logs and the personal details of a few thousand customers, and uses the data only iternally is not a problem.

We are an SME and we retain logs, it is noted in our public privacy policy that we retain logs for iirc 2 years for website management and tracking purposes .. after which they are destroyed. We feel we comply fully with GDPR.
12:15 pm on June 2, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2936
votes: 188


@Mark_A you are a long way off this: [tools.ietf.org...]

It is much harder for people who have logs AND customer information - the latter is a much bigger problem.

@tangor, [ico.org.uk...]
3:21 pm on June 4, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 11, 2008
posts:1714
votes: 262


It's not even about being GDPR compliant. We're B2B, and the biggest headache is when a Corporate asks you to demonstrate your GDPR compliance before they buy/contract with you.

Part of their own compliance is ensuring supply-chain compliance. But everyone has a different form, so you can't copy-paste.

Here's a less-onerous one I got today:
Please demonstrate your organisationís approach to your obligations under the General Data Protection Regulations (GDPR) in relation to person identifiable data you will collect and process during the term of this contract. In particular please address how you will:

  • Have security in place that is consistent with the ICOís security guidance [ico.org.uk]
  • Co-operate with supervisory authorities (such as the ICO);
  • Ensure the security of data processing;
  • Keep records of processing activities
  • Notify any personal data breaches to the data controller
3:30 pm on June 4, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 11, 2008
posts:1714
votes: 262


Addressing the SME question, it is extremely helpful to remember that large bureaucracies necessarily "consult" industry to gain expertise. When the bureaucracy looks for advice, they call it consulting. When Big Business responds, it is best to classify it as Lobbying.

Big Business lobbies on it's own behalf. Not for the sector's behalf, strictly its own. SMEs are systemically disadvantaged as a result of regulation, because that regulation is designed by incumbent businesses to entrench their position. Big business designs the rules to ensure challengers fail.

I am not cynical when I hear Facebook or Google say they will work with regulators to "protect" consumers. Of course they will. And the regulation produced will stipulate that the consumer protection offered is exactly the kind that suits Big Data, and hampers the growth of challenger upstarts.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members