All Questions
Tagged with united-kingdom gdpr
119
questions
1
vote
0
answers
73
views
Is it GDPR compliant to require registration to access a privacy policy?
There is currently an issue with Windows operating systems, reputed to be related to Falcon Sensor from CrowdStrike. From the description of their tool, the question of GDPR compliance can be asked ...
6
votes
1
answer
2k
views
Is deciding to use google fonts the sort of decision that makes an entity a controller rather than a processor?
In ensuring GDPR compliance determining which entities are data controllers and which data processors is a critical step. The UK government says:
The UK GDPR defines a controller as:
the natural or ...
0
votes
2
answers
178
views
Do patients have the right to foot moulds / models from chiropodists? [closed]
If a chiropodist produces a 3D model or mould from a patient's foot in order to produce orthotic insoles, is the chiropodist required to retain the model or mould for a particular period of time? Does ...
0
votes
0
answers
20
views
Does the transfer occurring under Article 45, 46 or 49 affect the Right of Access under Article 15.2?
Transfer of personal data from the UK to the US can, at least in theory, occur under Articles 45, 46 and 49. These all have different requirements.
Article 15 of the GDPR the Right of access includes ...
0
votes
0
answers
23
views
What does being "informed of the appropriate safeguards pursuant to Article 46" mean?
Article 15 of the GDPR the Right of access includes section 2:
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be ...
1
vote
1
answer
89
views
What exactly is a decision wrt. GDPR Automated individual decision-making?
The GDPR Article 22 provides rights relating to automated individual decision-making, including profiling. It starts:
The data subject shall have the right not to be subject to a decision based ...
1
vote
0
answers
45
views
How specific does the information need to be relating to personal information transfer between data controllers?
When personal information is transferred between data controllers the GDPR imposses certain requirements. Among these are information that must be provided to the data subject. As I understand it ...
1
vote
1
answer
139
views
Can computer performance metrics be personal data?
ScorecardResearch is a major data collection organisation that serves code onto some major UK web sites. Their privacy policy mentions a lot of tracking, including "hardware or device ...
3
votes
0
answers
44
views
Does there exist an example of meaningful information about an automated individual decision-making algorithm?
The GDPR Article 14 includes provisions for the data subject to have meaningful information about an automated individual decision-making algorithm that which produces legal effects concerning him or ...
0
votes
0
answers
58
views
Does the GDPR right to deletion in Art. 17 effectively include some "disproportionate effort" exception?
Some provisions of the GDPR have explicit exceptions about "disproportionate effort". Particularly relevant is the one in Article 19:
The controller shall communicate any rectification or ...
5
votes
2
answers
167
views
How do Wi-Fi Positioning Systems interact with the GDPR?
There is a paper (described in the news) that details how to use Apple's Wi-Fi Positioning System (WPS) facilitates mass surveillance, even of those not using Apple devices. The system is described ...
1
vote
1
answer
286
views
What exactly triggers the GDPR Article 14?
Article 14 of the GDPR concerns the requirement for a data controller to inform the data subject when they obtain personal data has been obtained from an entity that is not the data subject:
Art. 14 ...
6
votes
3
answers
3k
views
Are publicly available password dumps legal under GDPR
When a company gets breached by hackers, often the contents of their databases will make its way onto the internet. Sometimes this will include obviously personal information such as email contents or ...
2
votes
2
answers
177
views
Is it legal/appropriate to email a GDPR SAR to the executive team if that is the only email address the company provides?
This is prompted by this question but I am fairly sure I do not have the correct answer so I am making this one.
My personal answer to "How do I get my data from company X under GDPR" is to ...
0
votes
0
answers
25
views
Would a GDPR SAR cover the evidence an online company would be expected to provide to enforce a contractual debt?
It is in the news that HelloFresh is accused of charging people for deliveries they did not request, and said they would "send a third-party debt collector round" in the case of non-payment. ...