
In preparation for GDPR and the UK refresh of the Data Protection Act, it seems that some organisations, especially government departments and public bodies, are asking some very awkward questions.

  • Assurances, pledges, loyalty oaths that an organisation is 'GDPR' ready.
  • Copies of the organisation's policies and procedures relating to GDPR.
  • Claiming a right of audit.
  • Contractually requiring agreement and proof of deletion, 'forgetting' and/or returning of data.
  • Contractual requirements which duplicate or place the burden of handling personal data provided to the organisation by the contracting party.

There are probably others going the rounds as well. Prefacing what I'm going to say with IANAL (I am not a lawyer), it makes sense to apply some rationality to this and maintain the proper borders between organisations. In general I do not believe that anyone has to promise to anyone else, including the Government, that they are going to obey the law. Extra contractual conditions won't provide any kind of indemnity to either party; remember that organisations that supply data have a duty of care to both the owners of the data (individuals), and whoever they share it with, that they indeed have the necessary permissions. There could potentially be a lot of 'indemnities' swapped around. But of course they mean nothing.

...