# GDPR and Business



## Nemama (15 May 2018)

Hi,

As most likely you all already know, starting on 25 May 2018, the EU General Data Protection Regulation (GDPR) will become effective across all European Union member states. This is the biggest reform in data protection legislation since the Data Protection Act approved back 1995.

What changes must be performed at business's website in order to meet the new GDPR Requirements?

Thanks


----------



## LDFerguson (15 May 2018)

Lots of information on this on the web.


----------



## Purple (16 May 2018)

This is also a good resource.


----------



## Steven Barrett (16 May 2018)

If you have contact me forms on your site, the consumer has to consent to their data being transmitted to you. You also have to update your Privacy Policy. My web guy did all of my stuff for my site. Wouldn't have had a clue about half of it and would have spent hours trying to figure it all out. Well worth the money spent. 


Steven
www.bluewaterfp.ie


----------



## Purple (16 May 2018)

If you have CCTV you have to have a policy on what you do with the recordings.


----------



## Jim2007 (16 May 2018)

Future Learn are presenting a course for the University of London:

https://www.futurelearn.com/courses/general-data-protection-regulation


----------



## Purple (29 May 2018)

Can anyone recommend a training course on GDPR?


----------



## Nemama (29 May 2018)

I've been told Local Enterprise Office is going to start offering GDPR courses... I would suggest to you to keep an eye on their incoming training courses.


----------



## Purple (30 May 2018)

Good old Local Enterprise Boards, offering courses after the fact.


----------



## T McGibney (30 May 2018)

Purple said:


> Good old Local Enterprise Boards, offering courses after the fact.


I don't understand your point? GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.


----------



## Purple (30 May 2018)

T McGibney said:


> I don't understand your point? GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.


Yea, but you need to have your ducks in a row now, not in a few months when they start running courses.


----------



## T McGibney (30 May 2018)

Purple said:


> Yea, but you need to have your ducks in a row now, not in a few months when they start running courses.


No, you need to have your ducks in a row now and maintain them that way forever.

I attended a GDPR course last month and the guy giving it said that he anticipates that the vast majority of GDPR compliance work will be after 25 May.


----------



## Leo (30 May 2018)

GDPR was enacted in May 2016 with a 2 year transition period allowed, May 25th was the implementation deadline.


----------



## T McGibney (30 May 2018)

Leo said:


> GDPR was enacted in May 2016 with a 2 year transition period allowed, May 25th was the implementation deadline.


And???


----------



## Leo (30 May 2018)

T McGibney said:


> And???



Just adding to the point that going about introducing training now is closing the stable door after the horse has bolted stuff, and correcting the point from the first post and what seems to be a common misconception that this should be anything new to anyone in a data controller / processor role.


----------



## T McGibney (30 May 2018)

Leo said:


> Just adding to the point that going about introducing training now is closing the stable door after the horse has bolted stuff.



It's anything but. Responsibility for workplace health and safety compliance didn't suddenly end with the coming into force of the Safety, Health and Welfare at Work Act.


----------



## Leo (30 May 2018)

T McGibney said:


> It's anything but.



It's fine for anyone new into these roles, ongoing training will always be required. But I don't think they could ever be accused of being ahead of the game introducing training more than two years after adoption.



T McGibney said:


> Responsibility for workplace health and safety compliance didn't suddenly end with the coming into force of the Safety, Health and Welfare at Work Act.



Not sure I get that point, who's suggesting anyone's responsibility here is ending?


----------



## T McGibney (30 May 2018)

Leo said:


> But I don't think they could ever be accused of being ahead of the game introducing training more than two years after adoption.



But nobody til now has mentioned anything about being ahead of the game. We were discussing something else entirely.



Leo said:


> Not sure I get that point, who's suggesting anyone's responsibility here is ending?





Purple said:


> Good old Local Enterprise Boards, offering courses after the fact.


----------



## Leo (30 May 2018)

T McGibney said:


> But nobody til now has mentioned anything about being ahead of the game. We were discussing something else entirely.



No, I was responding to the point raised about them introducing training after the May 2018 date. Purple added the point about them doing so after the fact, I was just pointing out GDPR was adopted two years earlier in 2016, so just further emphasising that point.




Leo said:


> Not sure I get that point, who's suggesting anyone's responsibility here is ending?





Purple said:


> Good old Local Enterprise Boards, offering courses after the fact.



I still don't get where that's referring to anyone's responsibility ending.


----------



## T McGibney (30 May 2018)

Leo said:


> I still don't get where that's referring to anyone's responsibility ending.



Look at the definition of "after the fact" - 'occurring, done, or made after something has happened.'

It's a nonsense to suggest that GDPR 'has happened' as it involves continuing responsibilities.


----------



## Leo (30 May 2018)

T McGibney said:


> Look at the definition of "after the fact" - 'occurring, done, or made after something has happened.'



I understand the phrase perfectly, thanks. The suggestion here is they are introducing a course after the deadline for implementation. So in this case, the implementation deadline is the fact the training is coming after. 



T McGibney said:


> It's a nonsense to suggest that GDPR 'has happened' as it involves continuing responsibilities.



I don't think anyone here has suggested it has happened and that's the end of it.


----------



## T McGibney (31 May 2018)

Leo said:


> I don't think anyone here has suggested it has happened and that's the end of it.



Hmmm. Yet this innocuous truism has provoked quite a reaction.



T McGibney said:


> GDPR was introduced only a week ago. Even those who have prepared comprehensively ahead of its introduction will have continuing and ongoing responsibilities.


----------



## Leo (31 May 2018)

T McGibney said:


> Hmmm. Yet this innocuous truism has provoked quite a reaction.



Well, the only people who have posted since that are the two of us, and as stated I was responding to the OP and Purple's points. 

So, to respond directly to it now, it is not true to say GDPR was introduced a week ago. There was no EU legislation relating to data protection introduced recently.  GDPR was adopted by the Council on April 8th, 2016, the Parliament on April 14th, published in the official journal on April 27th, and came into force on May 24th, 2016.


----------



## Purple (31 May 2018)

Anyway, I signed up for gdprcourse.com. They have an on-line tutorial and then a 3 hour classroom course.


----------



## T McGibney (31 May 2018)

Leo said:


> it is not true to say GDPR was introduced a week ago. There was no EU legislation relating to data protection introduced recently.


----------



## Purple (1 Jun 2018)

Purple said:


> Anyway, I signed up for gdprcourse.com. They have an on-line tutorial and then a 3 hour classroom course.


I did the course. it was very good.


----------



## Dinarius (20 Jun 2018)

What about something as simple as a sole-trader (like me - photographer) updating their website with new work, and wishing to let people (existing clients or, more likely, potential new clients) know about it.

Can I simply send out an email alerting them to the new work on the site?

Or, do I first have to write to them asking them if I can then send them the marketing/news email? (even though, like most people, my web address is under my name on my email sign-off)

Some of these people/firms/publications, I would have been in frequent contact with in the past - coz I worked for them - some would be those I'm hoping to work for.

Thanks.

D.


----------



## Leo (20 Jun 2018)

Dinarius said:


> Can I simply send out an email alerting them to the new work on the site?



Only if you got their explicit permission to send such communications when collecting that information. You will need to maintain a record of proof of such consent and provide a mechanism for those on the list to request their information to be removed.


----------



## Dinarius (20 Jun 2018)

Ok.

So, a better way of going about it would be to send an email asking if I can put them on a list for future emails about website updates, while having the link to the site under my name, as always. That way, they can have a look at the work and reply, or not. Make sense? 

What you seem to be saying is that cold-calling (or cold-emailing, if there is such a term) is no longer possible. Right?

Thanks.

D.


----------



## Leo (20 Jun 2018)

Dinarius said:


> So, a better way of going about it would be to send an email asking if I can put them on a list for future emails about website updates, while having the link to the site under my name, as always.



Yes, you likely received many such emails from businesses you're interacted with in the past. They'll help you form a suitable communication.



Dinarius said:


> What you seem to be saying is that cold-calling (or cold-emailing, if there is such a term) is no longer possible. Right?



You can only use a person's contact details for the purposes you outlined when collecting it.


----------



## galwegian44 (26 Jun 2018)

T McGibney said:


> I attended a GDPR course last month and the guy giving it said that he anticipates that the vast majority of GDPR compliance work will be after 25 May.



Hi,

I would appreciate if you would let us know the course you attended and your opinion on the benefits (or otherwise) you received from attending.

Thanks in advance.


----------



## T McGibney (26 Jun 2018)

Hi 

It was a course aimed at accountants. It was only mediocre and for that reason I'd be hesitant to recommend it.


----------

