You are reading a single comment by @deleted and its replies. Click here to read the full conversation.
  • Exactly, still have to have one though.
    It’d be up to David to decide how long is long enough but you still have to delete everything you have on a person if after a set period of time, they have had no interaction with an organisation.
    Forgive me if I’m wrong on any points, I’ve read very little about gdpr

  • Not if whatever data you have is in line with being used for what its original purpose was.

    i.e mailing lists.

    If you signed up and gave permission for an organisation to contact you with events and news indefinitely, they can continue to do so as long as you give them a clear understanding of their right to opt-out and they're not using your data or sharing it beyond that. i.e in the arts its quite common for cunts you've never heard of to beg, borrow or steal mailing lists from pals/orgs they work for and start spamming you with whatever drivel they're putting on with no way to stop it other than the spam button. GPDR would make that comprehensively illegal as I understand that as you never gave consent for that data to be shared or used.

    Most of the sense of GPDR seems to be trying to let people understand what data is being kept , what it's used for and how to access it-seems to me that David could sign everyone out the site, and create a pop-up detailing what data kept etc with a check box for consent or a no for deletion, and that would both give explicit consent/information on their next log in and that would satisfy all these criteria as he's not sharing or using the data for nefarious ends.

  • What you’re saying is right only you cannot keep anyone’s data indefinitely now. If someone is inactive, you must delete their data after a reasonable timeframe. Indefinitely is not reasonable

About

Avatar for deleted @deleted started