cross-posted from: https://lemmy.zip/post/52834195
“If adopted, these amendments would not simplify compliance but hollow out the GDPR’s and ePrivacy’s core guarantees: purpose limitation, accountability, and independent oversight,” Itxaso Dominguez de Olazabal, from the European Digital Rights group, told EUobserver.
The draft includes adjustments to what is considered “personal data,” a key component of the GDPR and protected by Article 8 of the Charter of Fundamental Rights of the European Union.
Yeah, that’s not it.
There’s this thing known as consent and purpose. For a GDPR violation, you need to lack either.
When your job has a noticeboard of names, emails and birthdays, they probably got your consent to post it up there. They didn’t get consent to post it onto Facebook.
Yeah, sharing a photo can be a GDPR violation. Because you need to prevent unneccessary processing of data. Like what Facebook does. That’s why most places require you to sign a waiver to allow photos and similar stuff being posted online.
It can be a lot of work. But so is writing a contract. You can’t just do some stuff willy-nilly, and for a good reason.
That being said, the GDPR is mostly unenforced. What it means in practice is “don’t ask, don’t tell”. Meaning, if you keep the info you do have under wraps, you should be fine. Just don’t go whoring your customers’/employees’ info out to your 18 356 “data partners”. Bonus points for having an “Accept All” and “More Options” button, but no “Reject All”.
1st prize for those whose “Reject All” doesn’t encompass “legitimate interest”.
You really hit the main points of our gdpr training. You’re right.