|
obstipator posted:yall probs havent made anything anyone else has ever used the only reasons you need to store pii: 1. you actually need it for your product to work 2. you're selling it 3. you're too lazy to manage your own products [and someone's probably selling it on the dl] my current employer already had extensive systems and policies for protecting customer data in place so the only hassle we've encountered is an extra hour of mandatory training
|
# ? May 25, 2018 18:15 |
|
|
# ? Apr 27, 2024 00:19 |
|
attaching financial liability to pii is the only way companies will actually manage it responsibly like how did yahoo stay in business after literally all their users data was compromised? they were just like "lol whoops" and paid a few million through arbitration
|
# ? May 25, 2018 18:24 |
|
Jonny 290 posted:seriously i can see literally zero downside to GDPR I think as long as any user who requests you remove their data from your system implicitly waives any liability regarding your services I could be ok with it. We store patient data pretty much forever for contractual/quality reasons and it would be impossible for us to meet any of those reporting requirements for a patient who has requested we remove the data about our interactions with them from our system.
|
# ? May 25, 2018 18:44 |
|
qirex posted:my current employer already had extensive systems and policies for protecting customer data in place so the only hassle we've encountered is an extra hour of mandatory training Nice.
|
# ? May 25, 2018 18:57 |
|
Shaggar posted:I think as long as any user who requests you remove their data from your system implicitly waives any liability regarding your services I could be ok with it. We store patient data pretty much forever for contractual/quality reasons and it would be impossible for us to meet any of those reporting requirements for a patient who has requested we remove the data about our interactions with them from our system. I believe that you're not required to delete someone's data if you need it to fulfil legal or contractual obligations or for reasons such as billing or tax. There aren't too many situations where the right to be forgotten is applicable when it comes to most businesses.
|
# ? May 25, 2018 19:11 |
|
That's not what the law says though. Under gdpr you have the right to be forgotten by all businesses unless your info is needed by law enforcement or for tax reasons. We don't have any governmental or tax reasons to keep this data (for our non-governmental clients atleast), but we have clinical quality and contractual obligations with the client.
|
# ? May 25, 2018 19:27 |
|
Shaggar posted:That's not what the law says though. Under gdpr you have the right to be forgotten by all businesses unless your info is needed by law enforcement or for tax reasons. We don't have any governmental or tax reasons to keep this data (for our non-governmental clients atleast), but we have clinical quality and contractual obligations with the client. I assume the law doesn't vary between countries and ICO in the UK says there are only a limited set of circumstances in which the right to be forgotten applies. Which of those is the reason you would be required to delete the data? "Legitimate interests" is pretty broad and seems to cover you.
|
# ? May 25, 2018 19:33 |
|
Doom Mathematic posted:Nice. finance is bad at many things but they are very good at managing customer data
|
# ? May 25, 2018 19:33 |
|
Chalks posted:I assume the law doesn't vary between countries and ICO in the UK says there are only a limited set of circumstances in which the right to be forgotten applies. according to that there may be specific exceptions for what we do. also "to exercise the right of freedom of expression and information;" and "for the establishment, exercise or defence of legal claims." seem like they could be interpreted pretty widely
|
# ? May 25, 2018 19:35 |
|
Unroll me seems to be struggling to comply with gdpr, I wonder why.
|
# ? May 25, 2018 20:11 |
|
The most hilarious part is the law has been on the books for 2 years now
|
# ? May 25, 2018 20:29 |
|
Shaggar posted:according to that there may be specific exceptions for what we do. also "to exercise the right of freedom of expression and information;" and "for the establishment, exercise or defence of legal claims." seem like they could be interpreted pretty widely There's a reason rtbf claims have mostly been applied to search engines aggregating results, and not to primary sources themselves.
|
# ? May 25, 2018 20:32 |
|
usernames are PII. IPs are PII. get ready to wipe everything and destroy your database’s data integrity and delete your security audits since the law isnt clear and tries to cast a wide net so everyone and everything is in violation after two years of this law being warned about, u’d think they would have put more thought into it and amended it to be rational, but noooo, not in the EU
|
# ? May 25, 2018 20:37 |
|
obstipator posted:usernames are PII. IPs are PII. IPs are only PII if you have access to or the legal ability to obtain other PII linked to that IP according to the EU courts in 2016, so log files containing IPs of unknown individuals are fine. Don't know about usernames, but the right to be forgotten has get out clauses you could drive a truck through as long as you're not using the data for advertising and have "legitimate reasons" to keep the information.
|
# ? May 25, 2018 20:42 |
|
Anyone who has seen all the idiotic data leaks and the recent social media manipulation by shady companies and the rise of internet of poo poo and still does not understand why GDPR is absolutely necessary to maintain a sane internet is beyond help IMO.
|
# ? May 25, 2018 20:55 |
|
Jonny 290 posted:seriously i can see literally zero downside to GDPR
|
# ? May 25, 2018 21:12 |
|
obstipator posted:usernames are PII. IPs are PII. good. kindly gently caress off e: i am giving you explicit written consent to kindly gently caress off
|
# ? May 25, 2018 21:40 |
|
TheCoach posted:Anyone who has seen all the idiotic data leaks and the recent social media manipulation by shady companies and the rise of internet of poo poo and still does not understand why GDPR is absolutely necessary to maintain a sane internet is beyond help IMO. but but but it requires some code monkey to actually do some work for once!
|
# ? May 25, 2018 21:42 |
|
All you have to do is "anonymise" your data anyway. None of the vendors selling IoT butt plug GPS data are shutting down so I doubt it's hard to meet the required bar
|
# ? May 25, 2018 21:55 |
|
Endless Mike posted:but but but it requires some code monkey to actually do some work for once! See! EU creates jobs!
|
# ? May 25, 2018 21:59 |
|
obstipator posted:yall probs havent made anything anyone else has ever used to be fair, no programmer has made anything ever so this isn't really all that surprising
|
# ? May 25, 2018 22:21 |
|
i made a burger once
|
# ? May 25, 2018 22:35 |
|
on tuesday my org is having a global disco party reception to celebrate our efforts towards compliance haha. 9:am champagne ftw
|
# ? May 25, 2018 23:27 |
|
Has anyone written an add-on that automatically opts out of ads/tracking and blocks all pop ups yet? In case anyone wants to send a request for their data to sites like TRONC / LA Times that thinks the law doesn't apply to them. quote:Dear Sir or Madam:
|
# ? May 26, 2018 00:03 |
|
Shaggar posted:I think as long as any user who requests you remove their data from your system implicitly waives any liability regarding your services I could be ok with it. We store patient data pretty much forever for contractual/quality reasons and it would be impossible for us to meet any of those reporting requirements for a patient who has requested we remove the data about our interactions with them from our system. sounds like your employers problem op
|
# ? May 26, 2018 02:12 |
|
ted hitler posted:Has anyone written an add-on that automatically opts out of ads/tracking and blocks all pop ups yet? goddamn I wish I lived in Europe again
|
# ? May 26, 2018 02:16 |
|
GDPR owns and if you don’t agree just read the last page and see it’s only Shaggar and obstipator who are with you and they clearly don’t know what they’re talking about
|
# ? May 26, 2018 02:58 |
|
obstipator posted:usernames are PII. IPs are PII. youre brain is broken, op
|
# ? May 26, 2018 04:18 |
|
Trashman posted:GDPR owns and if you don’t agree just read the last page and see it’s only Shaggar and obstipator who are with you and they clearly don’t know what they’re talking about Ok, but I irresponsibly abuse customer data all the time in my day to day work, so It's bad. Put yourself in my shoes and imagine all the headaches this will cause in the guerrilla marketing sector!
|
# ? May 26, 2018 04:23 |
|
i agree with gpdr for the most part, but i heard on the radio that even if you take a picture on vacation, and some strangers happen to be in the frame, that you need verbal consent to put it on fartbook or wherever or else you're technically breaking the law and owe $200 million dollars. seems like it might need a little shaping before it becomes real good.
|
# ? May 26, 2018 06:08 |
|
sounds perfect already
|
# ? May 26, 2018 06:50 |
|
i think im sexually attracted to gdpr
|
# ? May 26, 2018 08:01 |
|
Good Day to Purge Rubbish (GDPR owns) https://twitter.com/paulcalvano/status/1000094415485132801
|
# ? May 26, 2018 08:28 |
|
Roosevelt posted:i agree with gpdr for the most part, but i heard on the radio that even if you take a picture on vacation, and some strangers happen to be in the frame, that you need verbal consent to put it on fartbook or wherever or else you're technically breaking the law and owe $200 million dollars. seems like it might need a little shaping before it becomes real good. You heard a dumb person saying something dumb, GDPR is legislation that applies to enterprises, not people. Unless you're acting on behalf of a company, it literally has no affect on you what so ever.
|
# ? May 26, 2018 10:03 |
|
are all of you guys for real not affected by this? none of you work on services for users?
|
# ? May 26, 2018 13:34 |
|
if users actually want your "services", gdpr isn't a problem
|
# ? May 26, 2018 14:08 |
|
If you're not an advertising company and you're not selling your user data, then it's just a case of sending out your opt in emails and having a process for data redaction if your service isn't covered by the huge "legitimate reasons" get out clause in the right to erasure.
|
# ? May 26, 2018 14:18 |
|
Jabor posted:if users actually want your "services", gdpr isn't a problem duuuurrrrrr SA violates gdpr. its just a matter of time for some idiot who got permabanned to complain to the EU and they fine the gently caress out of this place. do you not realize every site that has users is on the chopping block bc of gdpr? i dont get why you guys are being so dense deleting user data is a painful process if youve ever worked on a service before. every row tied to a username has to be deleted. theres no real good way to say oh this guy decided he wanted to be vaporized, lets delete everything and make everything they did completely disjointed and unusable. lets corrupt time and history bc if we dont, we will be in crippling debt
|
# ? May 26, 2018 14:29 |
|
obstipator posted:are all of you guys for real not affected by this? none of you work on services for users? I have been working on this. It has been a huge pain, but I still think it’s a good thing.
|
# ? May 26, 2018 14:30 |
|
|
# ? Apr 27, 2024 00:19 |
|
obstipator posted:duuuurrrrrr That's not how it works, read the legislation on right to erasure: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ Specifically: quote:The right to erasure does not apply if processing is necessary for one of the following reasons: You can also refuse to comply with the right to erasure if it is "manifestly unfounded or excessive" which would cover this example even if it wasn't already invalid. Chalks fucked around with this message at 14:33 on May 26, 2018 |
# ? May 26, 2018 14:31 |