eric olthwaite wrote: Cheers jackos. Yeah, we don't consider this a significant risk but it's just new legislation and I'm trying to be pernickety. Examples of daft shit I'm trying to cover are:
a) Employee X keeps some pdf of a letter about his health condition or a credit card statement in his personal folder, we back it up, we've therefore 'processed special data' according to GDPR.
b) Employee X backs his phone contacts up to his PC, we're now processing his mum's personal details etc.
c) Client contact details kept on a company phone, phone is lost, what actions do we take?
Unfortunately I'm not an expert Eric, so I might well be wrong, but I think the three elements you need to be aware of are: Access (if someone asks you, you have to be able to tell them what information about them you process), forgotten (you have to erase the data if requested), portability (you have to be able to provide a portable copy of any data if requested by an individual). I guess your biggest problem will be customer information your company stores, I think you need consent to do that, but I'm afraid I don't know how small businesses handle that.
I've no idea on the mobile phone, I've not heard or seen that being mentioned as an issue, the legislation handles the storage and processing of data, I don't think it says anything about losing data. Device encryption is pretty standard these days, so you should make sure mobiles and PCs are encrypted if they aren't. But I don't think GDPR covers that.
Not much use really, am I?