Steve Parks (@steveparks), 13 tweets
A quick GDPR no-bullshit primer:

(1) it’s a good thing, and mainly just firms up what you should already be doing, by ensuring there’s process, documentation, auditability.
(2) Don’t be scared, especially when consultancies try to make you scared of fines etc to hire them

(3) Don’t panic. Information Commissioner has made clear there is a period of adoption in which they expect to see a good plan and a commitment from orgs rather than perfection. If they see this they will help/guide rather than punish. It’s better to get it right than rush.
(4) the main thing to know is that you must identify a ‘lawful basis’ for gathering, retaining & processing personal data
(5) personal data is any data record from which a person can be identified
(6) there are multiple options for the lawful basis, and consent is last resort
(7) the lawful bases are shown in this image, and at this link: ico.org.uk/for-organisati…
(8) so for example, in many situations the contractual or legitimate interests bases would apply first - you need certain data to fulfil contractual agreements, or what is expected of you
(9) asking users for consent for every little thing provides a poor user experience, and creates privacy fatigue which leads to people being taken advantage of elsewhere. Look how fed up everyone is of cookie banners, and how they don’t read them now
(10) where you do identify you need consent, check whether you already have it. Eg if using MailChimp to run a newsletter, it will already have a record of user signing up. That’s consent. No need to ask again - you’ll annoy people. Record that you considered this.
(11) examples where you will need to seek consent - you’ve taken people’s biz cards and started sending them the newsletter; you’ve bought a mailing list or conference delegate list; etc. In this case either just delete that data (Best), or send a simple message seeking opt-in
(12) in extreme situations, eg you’ve taken your customer data and provided it to the Leave EU campaign to combine with other dubiously sourced data and use for potentially illegal campaigning - rather than delete this evidence, report yourself to the ICO and resign ;)
(13) this is just a short summary, but covers the bit I see most people panicking about & getting wrong. It’s not as scary as you think, and ICO website contains very clear & helpful info. They do regularly change it though (even now) so keep checking back ico.org.uk/for-organisati…
(14) my main implementation tips now.... start with an audit, mapping out all the data you gather, where it’s stored, when and why it is processed, when it is sent elsewhere, when it is deleted. Document this.
(15) identify the lawful basis at each point and mark whether it’s satisfied. Document this.
(16) create a list of the work to be done to address any concerns. Stack-rank prioritise this. Document this.
(17) work down the list, steadily and thoroughly rather than rushing
(18) and finally: do read ICO guidance on their website, be methodical rather than rush, document your work & decisions, and follow two pieces of advice from GDPR expert Douglas Adams:
A) DON’T PANIC!
B) I love deadlines, especially the swooshing noise they make as they go past
One final point - management, stakeholders etc who won’t have to do any work on it do not get to demand immediate 100% compliance. If they do, only agree on the basis that they personally 100% comply with all law for a whole month. Then put GPS tracking and camera on their car ;)