18 October 2017
Today I must get to grips with the GDPR, which stands for Godawful new Data Protection Rules. This is a lot harder than getting to grips with Eventbrite®, and unlike Eventbrite it appears not to be about to make my life any easier. But because IP Inclusive keeps lists of people who have agreed to being bombarded by Andrea emails without really knowing what they were letting themselves in for, we are going to have to comply with the GDPR. And it is coming soon to a desktop near you. Under the new rules, we will need to keep detailed lists of the lists we keep, and detailed details of the things we use those lists for. And details of the lists we share with other people. And we will also need written policies about all this, and written privacy notices and consent notices and heavens knows what else, so that before you can sign up to hear more about IP Inclusive, you will need six clear warnings, a signed consent form, verification of your ID and mental stability, a score of at least 75% on a written exam to check your understanding of our terms and conditions, and a four week cooling-off period. All of which will be documented and then added to the list of lists that we keep, prior to your asking us to amend or remove your data or repeat it all back to you under a Right of Access request. For which we must have a Procedure. And guess who is going to have to deal with this additional paperwork? I imagine the key terms of our Godawful new Data Protection Policy will be something like this:
If these do not suffice, then I will just have to hope that CIPA or CITMA have got to grips with the Godawful new Rules and will let me copy their policies instead. This has worked with other rules and regulations in the past, including the CIPA Stapler Refilling Policy, which I wrote for them when I was President and which has gone unchallenged (and indeed quite possibly unread) ever since.
0 Comments
Leave a Reply. |
Archives
July 2019
Categories |