Indeed, I too agree with Fatima - I, coming from the EU, read point 9 in the article that Ed referred to in the same way. https://gdpr-info.eu/art-30-gdpr/ @Fatima: thanks ;-)
On 1 May 2018, at 05:24, Humberto Carrasco <hcarrascob@gmail.com> wrote:
Yes,
Fatima is right.
Regards
Humberto Carrasco Blanc Abogado Profesor Asociado Derecho Económico - Comercial Universidad Católica del Norte - Coquimbo LLM Queen Mary University of London PhD University of Edinburgh
El 30-04-2018, a las 19:23, Fatima Cambronero <fatimacambronero@gmail.com> escribió:
Eduardo,
This statement is false in part.
It is referring to the last paragraph of the article 30 of the GDPR that states:
The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.
The obligations referred to in paragraphs 1 and 2 are the maintaining of a record of processing activities under the responsibility of the controllers and the same obligation to the processor about this record of processing activities.
It means, the firms which have 250 employees or less still have to comply with all GDPR rules as standard but no with the referred obligations about the record of processing activities (with the exceptions of the same article 30).
Best Regards, Fatima
2018-04-30 10:00 GMT-05:00 Eduardo Diaz <eduardodiazrivera@gmail.com>: Alan:
What about the part of the statements that smaller firms do not have to comply with the GRDP rules as a standard. Is it true?
On Mon, Apr 30, 2018 at 10:50 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote: GDPR generally applies to all businesses.
There is an exemption about not maintaining records of how data is used, but if a person requests such a record, you would have to reconstruct it after the fact.
I was not aware of any exemption on publishing why and how data is collected and processed, but that may be ignorance on my part.
Alan
At 30/04/2018 10:22 AM, Eduardo Diaz wrote:
A friend of mine quoted the following from an article written here (bullet #9): https://government.diginomica.com/2018/01/22/gdpr-compliance-here-are-the-14...
"Smaller firms – those defined as hhaving 250 employees or less – do not have to comply with all GDPR rrules as standard. If your organisation falls into this band, there’s no need to have documentation of why personal data is being collected and processed, the information you’re storing or how long for. Smaller firms are not required to maintain a record of processing activities unless this carries a risk to the rights and freedoms of data subjects, it is a regular occurrence, or it relates to certain data like criminal convictions and offences."
The question: Is this statement true or false. If false what 's the real thing?
Thanks to whomever answers this.
-ed
Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Microsoft-Exchange-Diagnostics: 1;YTOPR01MB0396;27:Ytj/AIpssqiibmKnz50JsE2dlIuhl4mAZZ7KgUS70r3MLVG2H5KbNLby1tvjuxmL9xkihjOX8lTqRqdvkojOVcdFn+7J6Rg9dLd4q6K0sBwFMmlBydtVxY/DHJHtiGSJ X-Microsoft-Antispam-Message-Info: Z0icQu+yvOTMi4oe2M5K8h3rXupR/WWSGm7yxmyO/qZWHZyK6igFkjfsOJ8Zvdr+SypqAETDIqcyY01/xxTWorzEcbGFCOU0ZJh44OAwgSSTfu7epif694StzjXqCHQEoWJqrZLOQvKAH1JvkHIcRi7scwaHt8PwvCirITtXjdRNdJb9dw2QXEvB2r2Pol6vnyfj+CoqdP/6R67D3vRK35H2W+crSTRIVjKjWrgFIDYnC1d06+3i59oO+dGHw1Vwhuiu977GlToeSv5XpProXMgoWCVNBZZJ+j+vEq5FH1IKTZV8W1BohpSeFQXvXSHGhLbcAL8WKH2Jqn4AkB9PsLeVIZYN/ZNDXrKXjtf6mCJcPSDJjK+VxHsUB4px4RlVEe54ay1Dy0rFX9vxieiG2ll4Dd2uFoQfPdGjTcedFQg+mW9clPueIWcYO1lBuNZW1RVVwC4xRpb/AE09YMbCVv/O8mMq9+2j+zhX/7K9jf6ZLgTZ3NxwCkSoAmRhcQo0
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Fatima Cambronero Responsable del Área de Derecho Informático de R10S Abogados www.riosabogados.com México
Phone: México: +52 (55) 5252 2581 Twitter: @facambronero Skype: fatima.cambronero
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)