DSF

Part of the stipulations for GDPR are -

• Firms of over 250 employees must employ a Data Protection Officer (DPO). This person is responsible for ensuring that a business collects and secures personal data responsibly.

• GDPR will also apply to small businesses under 250 employees if the processing carried out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as defined in GDPR Article 9.

So, my small business of less than 250 employees (ie. myself!) takes orders from ebay, manufactures and ships them, and then marks them as dispatched in ebay. End of story. The only data pertaining to those customers of mine exists solely on the ebay servers after I have done with it. Who is responsible for GDPR?

webtrekker;131099 wrote: So, my small business of less than 250 employees (ie. myself!) takes orders from ebay, manufactures and ships them, and then marks them as dispatched in ebay. End of story. The only data pertaining to those customers of mine exists solely on the ebay servers after I have done with it. Who is responsible for GDPR?

You will probably be classified as a 'data processor', rather than a 'data controller'. In that case you should list names and addresses of the data controllers of the companies you sell through - ebay, amazon etc. You should also document the type of processing ( 'why' you are processing the data) you are using the information for i.e sales, delivery and invoicing/book keeping.

Like I said before this is mainly jargon driven abstract thinking by a think tank somewhere. What person with any grasp of reality would considering posting a package as 'data processing'.

You will at some point print off data from the server onto paper - order forms/despatch note and address label - you should have in your policy how you process these bits of paper, if you keep them, or destroy them, if they are all sent to the customer, what you do with the emails you get from Ebay about these orders. Even if your policy says all data is printed onto paper and then sent to the customer, no paper work is kept on file or on paper.

I honestly can't see half the population of homeworkers complying with this. It's stupidity of the highest order.

webtrekker;131105 wrote:I honestly can't see half the population of homeworkers complying with this. It's stupidity of the highest order.

Pretty much, yes.
But it is important that you put something down before the deadline, even if it is only partially correct. The requirement is for the policy to be available in both written and electronic format. The danger of having a requirement for an electronic version of the policy is that it will be evident exactly when the policy was written. No chance of waiting for a tug and writting the policy afterward.

Probably better to have a bad policy than none at all.

pisquee;131104 wrote:You will at some point print off data from the server onto paper - order forms/despatch note and address label - you should have in your policy how you process these bits of paper, if you keep them, or destroy them, if they are all sent to the customer, what you do with the emails you get from Ebay about these orders. Even if your policy says all data is printed onto paper and then sent to the customer, no paper work is kept on file or on paper.

That is the nail on the head for anyone who only deals with their clients via 3rd parties, what you do with the info you have from them - this is what they are trying to get sorted, think of the data breaches there have been over the past few months from companies we intrust our information to - let alone the millions of businesses that work from home / small set ups.

Slowly getting my head around it all, but it takes time.l

I was given this site to use to get a feel for how the "little guys" are tacking it, you dont have to be a member of the church of England to use it, just download it and use their guidelines, if it is good enough for him upstairs it should hold out for us

http://www.parishresources.org.uk/gdpr/dataaudit/
http://www.parishresources.org.uk/wp-co ... cklist.pdf

Jargon free as it it written for the parish councillors.

If you want a fuller explaination via a checklist try this

https://gowlingwlg.com/GowlingWLG/media ... liance.pdf

There is an artticle in this months Printwear and Promotion. Haven't got enough life in me to read it yet.

pw66;131159 wrote:There is an artticle in this months Printwear and Promotion. Haven't got enough life in me to read it yet.

Hence why I read the articles above, easier to digest.

money box live on Radio 4 are just about to do a programme on it, if you miss it, then it will be here to catch up later https://www.bbc.co.uk/programmes/b0080g47