Profile picture
Steve Parks @steveparks
, 13 tweets, 3 min read Read on Twitter
A quick GDPR no-bullshit primer:

(1) it’s a good thing, and mainly just firms up what you should already be doing, by ensuring there’s process, documentation, auditability.
(2) Don’t be scared, especially when consultancies try to make you scared of fines etc to hire them

...
(3) Don’t panic. Information Commissioner has made clear there is a period of adoption in which they expect to see a good plan and a commitment from orgs rather than perfection. If they see this they will help/guide rather than punish. It’s better to get it right than rush.
...
(4) the main thing to know is that you must identify a ‘lawful basis’ for gathering, retaining & processing personal data
(5) personal data is any data record from which a person can be identified
(6) there are multiple options for the lawful basis, and consent is last resort
...
(7) the lawful bases are shown in this image, and at this link: ico.org.uk/for-organisati…
(8) so for example, in many situations the contractual or legitimate interests bases would apply first - you need certain data to fulfil contractual agreements, or what is expected of you
...
(9) asking users for consent for every little thing provides a poor user experience, and creates privacy fatigue which leads to people being taken advantage of elsewhere. Look how fed up everyone is of cookie banners, and how they don’t read them now
...
(10) where you do identify you need consent, check whether you already have it. Eg if using MailChimp to run a newsletter, it will already have a record of user signing up. That’s consent. No need to ask again - you’ll annoy people. Record that you considered this.
...
(11) examples where you will need to seek consent - you’ve taken peoples biz cards and started sending them the newsletter; you’ve bought a mailing list or conference delegate list; etc. In this case either just delete that data (Best), or send a simple message seeking opt-in
...
(12) in extreme situations, eg you’ve taken your customer data and provided it to the Leave EU campaign to combine with other dubiously sources data and use for potentially illegal campaigning - rather than delete this evidence, report yourself to the ICO and resign ;)
...
(13) this is just a short summary, but covers the bit I see most people panicking about & getting wrong. It’s not as scary as you think, and ICO website contains very clear & helpful info. They do regularly change it though (even now) so keep checking back ico.org.uk/for-organisati…
(14) my main implementation tips now.... start with an audit, mapping out all the data you gather, where it’s stored, when and why it is processed, when it is sent elsewhere, when it is deleted. Document this.
...
(15) identify the lawful basis at each point and mark whether it’s satisfied. Document this.
(16) create a list of the work to be done to address any concerns. Stack-rank prioritise this. Document this.
(17) work down the list, steadily and thoroughly rather than rushing
...
(18) and finally: do read ICO guidance on their website, be methodical rather than rush, document your work & decisions, and follow two pieces of advice from GDPR expert Douglas Adams:
A) DON’T PANIC!
B) I love deadlines, especially the swooshing noise they make as they go past
One final point - management, stakeholders etc who won’t have to do any work on it do not get to demand immediate 100% compliance. If they do, only agree on the basis that they personally 100% comply with all law for a whole month. Then put GPS tracking and camera on their car ;)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Steve Parks
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @steveparks see all

Profile picture
Evening all. It’s time for another of my threads looking at the steady progress being made by good people in fixing the mess of Brexit/Trump/Russia. Stand by for some good news...
First up, if you haven't seen my previous threads like this, here is the last one so you can catch up...
...Big headline this week is parliament getting its mojo back and government losing 3 key votes - including becoming the first gov in British history to be found in contempt of parliament. But the other 2 votes were significant too. @IanDunt has details... politics.co.uk/blogs/2018/12/…
Read 28 tweets
Profile picture
For those who followed my thread on the IOD spinning survey results about Brexit to support May’s deal... it turns out they sent that press release out TWO WEEKS before the survey had even finished!! It closes Nov 30th!!
...sure enough, I dig back into my emails to find the survey invitation I was sent, and it confirms the closing date is 30th Nov...
… here is the thread where I wrote about the slant in the structure of the survey, and the communication of its ‘results'…
Read 21 tweets
Profile picture
@SommetGovTech next session is ‘From Lab to Gov - harnessing the power of innovation’ #GovTechSummit ...
... the panel is:
...Alexandre starts by saying gov must innovate because citizens demand and expect it - they are used to a private sector that is making life easier and more connected. The challenge is how does government go about procuring such innovation?... #GovTechSummit
Read 24 tweets

Related threads

Profile picture
1. Good piece on where business is up to on #GDPR & personalisation: linkedin.com/pulse/personal… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
Read 5 tweets
Profile picture
Part one, teardown.

Part two, diagnose(?)

Part three, repair(???)
Where the fuck is my groundstrap???
Inside of laptop, back side of motherboard, cables disconnected
Read 94 tweets
Profile picture
Here's someone who's highly engaged in politics, news and society but didn't know about #MyHROptOut until this morning.

If you're in media and wondering if this needs more coverage, here's your answer. #MyHealthRecord #Privacy
Opting out doesn't appear to be going well for people so far. I've seen multiple reports of long wait times on the phone and web server crashes.

I've you're planning to opt out, I'd suggest maybe not doing it today, but definitely not waiting too long.

#MyHealthRecord #Privacy
For the record, I've gone back and forward on opting out myself.

As a journalist with strong interests in tech and privacy, I really want to see the system for myself. Kick its tyres and experience its flaws and limitations personally. But ...

#MyHealthRecord #Privacy
Read 142 tweets
Profile picture
I don't usually comment on US domestic politics because it isn't my lane. I feel I am not knowledgeable enough but let me make an exception: fuck this guy talking about immigration in Europe. Especially in the context of Italy now threatening to deport Roma people
and I am too angry to have coherent thoughts because there have been times when it's been so lonely writing about immigration and racism in the EU. Some of you probably remember when I was told these weren't feminist issues
look where we are now. When in 2012 I was writing stuff such as this, nobody wanted to read it. Seriously, it was "exaggerations". Now, the immigrant detention industrial complex has become globalized tigerbeatdown.com/2012/02/02/tho…
Read 19 tweets
Profile picture
So the #Brexit folks (@danarohrabacher's friend, Farage, and Wigmore) were doing the exact same thing that the Trump fam and surrounding #MAGAs were doing. Not surprised one bit. No doubt the real story is much worse. (Murdoch owns The Times.)

thetimes.co.uk/article/exclus…
h/t @profcarroll
"Arron Banks, the millionaire businessman who helped fund Brexit, had three meetings with the RUSSIAN AMBASSADOR 🇷🇺 to Britain — raising explosive questions about attempts by Moscow to influence the referendum result."
Read 21 tweets

Trending hashtags

#GDPR #MyHROptOut #EUDataP #MetaDunzo #BULLSHIT #MyHealhRecord #CantPassItOn #privacy #Al #PrEP #afsos #flexcit #process #FOI #Brexit #nced #1nt #MerrickGarland #KavanaughHearings #choped #PeakDunzo #ecommerce #IvyBells #ePrivacy #Adtech

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!