• peter.row - Friday, January 12, 2018 3:37 AM

    will have to ask explicitly - this website you are signing up to, can we have permission to store the details you just typed in? WTF?

    No, that's not what the regulations say.  Under Article 6, the data processor can store the data you just typed in, because it needs to do so to carry out its obligations under the contract that it has just entered into with you.  What it is likely to need your consent for is to use your data for other purposes, for example to send you marketing e-mails.

    SQLBlimp - Thursday, January 11, 2018 2:02 PM

    All the businessman could do is incur a MINIMUM fine of 10 million euros, or for my business, 50 years gross revenue

    No, those are maximum fines.  I'm not a lawyer, but I understand that fines will be commensurate with the scale of the offence, so if a small breach occurs despite your having robust procedures in place, you won't get fined anything close to the maximum.

    a.crossley - Friday, January 12, 2018 2:12 AM

    It's my understanding that GDPR states all personal data must be stored using encryption.

    Not quite.  Article 32 states that data must be stored with a "level of security appropriate to the risk ... including as appropriate ... pseudonymisation and encryption".  I don't know who determines what level is "appropriate", but I think it's fair to infer that not all personal data will necessarily need to be encrypted.

    There's a frightening amount of misinformation about this stuff.  I suppose that's in part just the times we live in - fake news, social media, contempt for "experts" and so on.

    John