All Questions
Tagged with united-kingdom gdpr
119
questions
0
votes
1
answer
150
views
What are the limits of ID requirements for a subject access request?
When one makes a subject access request it is required that the data controller is required to ensure the identity of the requestor, to prevent unauthorised individuals accessing personal data of ...
1
vote
1
answer
54
views
What references are available for the GDPR legitimate interests balancing test?
A basis for the processing of personally identifiable data (PII) is legitimate interest. According to the UK ICO data controllers who rely on this basis should conduct a legitimate interests ...
0
votes
1
answer
166
views
How does GDPR Art. 14 apply to large scale B2B data transfer
Article 14 of the GDPR appears to require any data controller to inform the data subject when a business to business transfer of personal data occurs. Business to business transfer of personal data ...
0
votes
1
answer
77
views
Is GDPR consent as part of Terms & Conditions valid?
In the terms and conditions of the kite festival consent for use of footage of the audience is written into the Terms & Conditions:
5.c: Ticket Holders consent to being photographed, filmed and ...
12
votes
1
answer
1k
views
Is an email enumeration vulnerability a breach of GDPR?
I'm a software engineer and I'm often asked to implement version of a user signup flow or login that can be summarised as follows:
User inputs their email
If the email belongs to an existing user, ...
1
vote
1
answer
66
views
What are the limits of service provision/PII consent for compliance with GDPR?
Most of the internet business model can be described as providing data in exchange for seeing adverts. These adverts are worth a lot more if they can be targeted. The GDPR applies to this, such that ...
0
votes
1
answer
57
views
Can you request response to SAR by web form?
When one makes a GDPR Subject Access Request (SAR), one can specify a particular form of response, for example by email. Also the data can be requested in a structured, commonly used and machine-...
1
vote
1
answer
92
views
Does the Data Protection Act 2018 in UK require users of a website to explicitly
Now that Brexit has happened, GDPR no longer takes effect in UK.
However, the Data Protection Act 2018 will continue to apply.
With GDPR's Article 6, a website is required to request explicit consent ...
4
votes
1
answer
336
views
GDPR unbelievable legitimate interest. What action to take?
If a website is claiming legitimate interest in data collection in a way that is unbelievable is there any action that a web site visitor can take?
For example, if one was to visit The Daily Mail you ...
1
vote
1
answer
112
views
How far up the chain of internet provision does my GDPR responsibility go?
Say I host a web page on my computer, and you visit that site from somewhere in Europe. The web server on my computer will know your IP address, and I can choose to "forget" it as soon as ...
0
votes
3
answers
117
views
GDPR, personal and political activity
The GDPR does not apply to the processing of personal data that is "by a natural person in the course of a purely personal or household activity". I cannot find a description of "...
1
vote
2
answers
1k
views
How long can an employer keep financial details after employee has left under GDPR?
I finished a job in 2019, but just received notification of a data breach at that job in 2021, and my bank account number, sort code, national insurance number, full name, address and date of birth ...
2
votes
1
answer
1k
views
UK Law Question (England): Can I Sue someone if they post a video of me on social media Without my Consent?
Scenario: Someone starts talking to you while they record you without you knowing it. You notice they're recording you and they tell you the video is going on Youtube. You tell them that this is only ...
5
votes
2
answers
540
views
Can I request to delete an account with a government?
This concerns my student loans repayment account which is managed by the gov.uk website.
I have paid my loan back in full and have had a confirmatory letter stating this as well, as I wanted to ensure ...
1
vote
1
answer
67
views
GPDR/ICO registration. Do I need to register? (Their site is inconsistent.)
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-fee/exemptions/ lists exemptions as:
Staff administration
...