Psycho-Babble Administration | about the operation of this site | Framed

Re: Most recent five suggestions for more compliance

Posted by ert on December 21, 2018, at 4:53:04

In reply to Re: Most recent five suggestions for more compliance, posted by ert on December 20, 2018, at 7:48:04

I think Telegram could be a viable option.

- Own posts or the whole chat can be exported (and then further processed, e.g. merged to PDF files). With Adobe DC, FreeCommander (plug-in) or Total Commander (plug-in) it is also possible to search inside multiple doc files like PDF files.
- A description can be set for a user name. When someone changes the user name, the same or a similar description can be used so that the person will be recognized.
- Two-person chats can be made
- It can be checked who is online
- Someone can be called but also blocked from calling
- Media can be uploaded, but users can also be blocked from uploading when it disturbs too much
- The chat can quickly be searched with terms like lithium
- It is possible to jump back to a specific date, e.g. one week back, and then read through all new postings.
- An avatar can be used, e.g. a pet as a face replacement
- Interesting posts can be quickly saved by forwarding them to saved messages
- Available even for Linux
- The posts get deleted after a set time of inactivity (up to 1 year)
- They would be less anxious to post and therefore more open-minded and honest
- Short blocks for rogue users are possible
- The problem is finding the groups. Therefore links to the groups must be put on a website.
- There is a learning curve, but the software is easy to understand and lightweight
- Everyone can delete or edit her/his posts

I try to help a bit because if nothing happens, sooner or later it will have negative implications for the ruler

Article 27 of the GDPR also requires an EU representative that has oversight over the data processed. Therefore an independent person who has oversight and deletes data.

Portuguese DPA imposes 400,000 fine on hospital for two violations of the GDPR
Holiday Special, 17 December 2018 Issue
The Portuguese data protection authority Comissão Nacional de Protecção de Dados or CNPD imposed two separate penalties amounting to a 400,000 fine on a hospital for two violations of the EU General Data Protection Regulation.
The CNPD found the Barreiro Hospital had granted access to patient data to too many users of the hospital's patient management system. There were 985 users registered for doctor-level access, even though there were only 296 physicians working at the hospital in 2018. The DPA applied a 300,000 fine for this failure to respect patient confidentiality and to limit access to patient data. The CNPD imposed the second fine of 100,000 for the hospital's inability to ensure data security and data integrity in the system.
Provided by: Access Now

First UK GDPR enforcement action is against Canadian firm with apparently no EU presence


On 24 October 2018, the UK data protection enforcement body, the Information Commissioner's Office (ICO), issued an Enforcement Notice against Canadian data services firm, AggregateIQ (AIQ). This was the first Enforcement Notice issued by the ICO under the General Data Protection Regulation (GDPR). The Notice specifies several breaches of the GDPR and gives AIQ 30 days to put itself into compliance or face a fine of 20 million or 4% of global group turnover, whichever is greater.
AIQ's breaches of the GDPR relate to its use of personal data of UK individuals in connection with its business of providing data services to political organisations. Specifically, AIQ used this data to target individuals with political advertising on social media.
The specific GDPR breaches were as follows:
1. AIQ breached Articles 5(1)(a)-(c) and Article 6 by processing personal data in a way that the data subjects were not aware of, for purposes which they would not have expected, and without a lawful basis for that processing. Moreover, the processing was incompatible with the purposes for which the data was originally collected.
2. AIQ also breached Article 14 in that it failed to provide data subjects with the information set out in Articles 14(1) and (2), and none of the exceptions set out in Article 14(5) apply. Article 14 deals with the situation in which a company obtains the personal data from one or more third parties rather than from the data subjects directly. If Article 14 applies, the controller of the data must communicate to the data subject, among other things, the category of the data collected, the purpose(s) of the data processing, and its legal basis.
3. Although it is not alleged in the Enforcement Notice, AIQ was also probably in breach of Article 27 in that non-EU companies that process the personal data of EU residents must designate an EU representative, which is obviously intended to provide regulators with an easy means of imposing jurisdiction. The failure to comply with Article 27 alone can result in a fine of 10 million or 2% of a company's global group turnover, whichever is higher.
The GDPR provides detailed guidance to companies on how the collection of personal data may be legally justified and the steps that must be taken with regard to the privacy of the data and the disclosures and/or authorizations that must be made to, or obtained from, the individuals affected. This is a complex exercise that should normally require the assistance of outside legal counsel. AIQ was either ignorant of how GDPR may affect its business or, what is more likely in view of the wide publicity GDPR has generated around the world, totally indifferent to its GDPR legal obligations.
The GDPR breaches by AIQ are so serious and wide ranging that it will be nearly impossible for it to fully comply with the Enforcement Notice within 30 days. It should be kept in mind that AIQ must carry out its compliance steps with regard to all UK individuals affected (i.e. with regard to all those in the UK whose data was collected). If AIQ's measures are only piecemeal, the ICO will probably deem AIQ to be non-compliant.
If AIQ fails to comply with its GDPR obligations within 30 days, and a fine is imposed, the fine may be enforced in a UK court. If AIQ fails to make a court appearance and a default judgment is entered, AIQ may well have to defend itself in an action to enforce a foreign judgment. Moreover, with a UK judgment entered, AIQ may be effectively barred from establishing itself within the EU for fear of its EU assets being subject to a seizure action for the collection of the fine.
The situation for Chinese companies could not be clearer. Even those not established in the EU could face the sort of risks identified above. Those Chinese companies taking a relaxed position or preferring to see how things develop before they take GDPR compliance measures could find themselves unpleasantly surprised. Keep in mind that AIQ is a small consultancy, but its business depends on assembling a massive database of personal data.
Now, imagine how much personal data a large Chinese manufacturer of consumer goods or electronic products, a Chinese airline or hotel chain, or a Chinese internet selling platform is able to collect from/on EU consumers, and how much time it would need to comply with the GDPR. A 30-day window would be laughable. And it should be considered that the GDPR did not require the ICO to provide a 30-day window; that was the ICO's decision, or if you prefer, English hospitality.





poster:ert thread:1102144