All Questions
10
questions
0
votes
0
answers
36
views
Is a third party which solicits and accepts personal data from a customer on another’s behalf a processor or a controller?
Alice contracts with ACME insurance which sends her to their identity verification solution provider’s app/website (BCME KYC SOLUTIONS Inc). BCME’s portal asks Alice for photos of herself and other ...
-2
votes
1
answer
119
views
Are deleted comments left by U.K. based users retained and subject to subject access under U.K. GDPR?
Meet Bob; Bob left some comments on a post on stack exchange and some over zealous moderators decided that they were not needed and so to delete them. Bob wishes to access these comments for the ...
8
votes
1
answer
3k
views
Does GDPR apply when PII is already publicly available?
Pretend there is a website, it might be free to access, or be a paid per search service, where the users get access to summarised information on the people that they search for.
All of the information ...
- 1,202
1
vote
0
answers
52
views
What are the limits to what the information commissioner can take action upon?
It is in the news that a doctor inappropriately accessed and distributed a patients medical records. They did this through their employer, Cambridge University Hospitals (CUH) at Addenbrookes. The ...
- 7,810
4
votes
1
answer
1k
views
Is it a breach of GDPR and DPA to say a colleague is sick and off work?
This is a hypothetical question. Suppose a customer calls asking for a colleague, call her Alice, and Bob answers the phone and tells the customer that Alice is off sick with the flu. The customer ...
- 641
-1
votes
1
answer
37
views
Restricting processing of data provided to police
Suppose that a person A would like to report a crime of which they’ve become a victim, to the police. For this purpose the police typically require the victim’s date of birth in order to create a ...
-1
votes
1
answer
38
views
What are good tips and tricks to keep in mind when performing a subject access request for a comprehensive record of self-pertinent data from the met? [closed]
Bob would like to obtain as comprehensive as possible am archive of all data held on him by the metropolitan police, as well as any other police networks that they may be part of and share data with/...
1
vote
2
answers
1k
views
How long can an employer keep financial details after employee has left under GDPR?
I finished a job in 2019, but just received notification of a data breach at that job in 2021, and my bank account number, sort code, national insurance number, full name, address and date of birth ...
- 332
2
votes
1
answer
1k
views
UK Law Question (England): Can I Sue someone if they post a video of me on social media Without my Consent?
Scenario: Someone starts talking to you while they record you without you knowing it. You notice they're recording you and they tell you the video is going on Youtube. You tell them that this is only ...
- 31
3
votes
2
answers
339
views
GDPR liability for Web Designer
I am a web designer that works with a range of clients on a project basis. I complete a project and then offer my services at any hourly rate for any other work required in the future.
Do I have a ...
- 133