* Posts by MdeB

2 posts • joined 1 Jun 2018

The glorious uncertainty: Backup world is having a GDPR moment


Re: What about ex staff?

It amazes me that people are posting here without understanding the GDPR rules.

"right to be forgotten" applies only to data that are held because the data subject has consented.

It does not apply to data for which the organisation has (and has notified) another legal basis for processing the data.

Thus complying with a request to delete personal data is not as simple as deleting all that subject's personal data (or making it anonymous by deleting the subject's name from the master index as some have suggested); it requires deleting a subset of data held. That also means that maintaining a list of requests to remove personal data IS allowed, because it is necessary to allow audit to show that you have complied with the request (and hence complied with the law, should it come to that).

TSB meltdown latest: Facepalming reaches critical mass as Brits get strangers' bank letters


My guess is that it is a physical device problem: letter folder taking two sheets at a time instead of one.

Biting the hand that feeds IT © 1998–2019