Quote from: DAS B00T x2 on February 01, 2018, 07:37:28 AM

What do you expect from a country that issues licenses to own a TV?

Semi-relevant

Quote from: FatherlyNick on February 01, 2018, 12:47:13 PM

Quote from: Flee on February 01, 2018, 11:52:26 AM

Quote from: FatherlyNick on February 01, 2018, 10:30:53 AM

Well, prior to this rule it was only delete files that have something like IP addresses or usernames. Now its all and anything. But whatever, there is auto-archiving regardless.

That's interesting. Any controller has long been under the obligation to minimize their use of personal data and delete it as soon as it's no longer necessary. The GDPR slightly broadens the definition of personal data but it's mainly just codifying what was already commonly recognized through court cases and whatnot. What other files do you delete then? And auto-archiving of personal data still counts as processing so that doesn't exactly sound like it's allowed.

Quote

Blue Diamond customers are the most pain. You need to do some much just to get a single file. Some people on the team, flat out refuse to work with BD customers because of this. Even though I wrote up a straight-forward doc on how to get to the files.

I have no clue what they are. Just important / high profile clients with high security requirements? Because that's probably not a legal requirement then.

Blue Diamond customers are clients from the medical field. So basically anything with med. records.

Yeah, I figured as much. There's several categories of personal data that are considered sensitive or special under EU privacy law. These include the likes of medical data but also information on sexuality, race, ethnicity and the likes. Processing them can only take place under stricter conditions, which is why there's more requirements regarding specific written consent and whatnot.

Quote from: FatherlyNick on February 02, 2018, 05:10:44 AM

Quote from: Flee on February 01, 2018, 09:27:37 PM

Quote from: FatherlyNick on February 01, 2018, 12:47:13 PM

Quote from: Flee on February 01, 2018, 11:52:26 AM

Quote from: FatherlyNick on February 01, 2018, 10:30:53 AM

Well, prior to this rule it was only delete files that have something like IP addresses or usernames. Now its all and anything. But whatever, there is auto-archiving regardless.

That's interesting. Any controller has long been under the obligation to minimize their use of personal data and delete it as soon as it's no longer necessary. The GDPR slightly broadens the definition of personal data but it's mainly just codifying what was already commonly recognized through court cases and whatnot. What other files do you delete then? And auto-archiving of personal data still counts as processing so that doesn't exactly sound like it's allowed.

Quote

Blue Diamond customers are the most pain. You need to do some much just to get a single file. Some people on the team, flat out refuse to work with BD customers because of this. Even though I wrote up a straight-forward doc on how to get to the files.

I have no clue what they are. Just important / high profile clients with high security requirements? Because that's probably not a legal requirement then.

Blue Diamond customers are clients from the medical field. So basically anything with med. records.

Yeah, I figured as much. There's several categories of personal data that are considered sensitive or special under EU privacy law. These include the likes of medical data but also information on sexuality, race, ethnicity and the likes. Processing them can only take place under stricter conditions, which is why there's more requirements regarding specific written consent and whatnot.

ah yeah man. You have to train for a few hours to get BD certified - meaning you can deal with BD clients.

It's good to see companies like IBM take the GDPR this seriously. It should be a great improvement compared to the old Directive and its national implementations. If IBM doesn't comply with these rules and seriously neglects them, they can face fines up to 4% of their global revenue - or almost $3.2 billion dollars.