Re: [Ql-Users] GDPR and 25th May
On 2018-05-04 20:55, Wolfgang Lenerz via Ql-Users wrote: Hi, Possibly true - although if an IP address can be classified as personal data or a factor specific to the identity of that natural person, I am sure an email address can be. I forget all of the mailing list commands, but there used to be one where you could get a list of email subscribers, and of course the online archive still contains past messages, including where people may have entered their name, website, or address as part of their signature. There is then no way to exercise the right to be forgotten. Presumably the software behind the mailing list will itself be updated at some point Maybe. If ALL you have is a list of email addresses, I'd tend to think that this information by itself is not something with which a person can be identified. I certainly didn't give any other information than than hen suscribing - after all, all it took was to send an email to the list maintainer. I'm not aware of an online archive. Is that maintained by the owner of the list? I am fairly sure that if an IP address is enough for the legislation (bearing in mind that they rotate and not many people have fixed IP addresses), an email address is sufficient to identify a person's online identity... The archive is automatically stored by the list software and (at least ql-users) is only accessible to users of the list. You can unsubscribe (but the list might not store the date and time of unsubsribing) through: http://lists.q-v-d.com/listinfo.cgi/ql-users-q-v-d.com This also allows registered users of the list to access the full list of members :( Rich Mellor RWAP Software www.rwapsoftware.co.uk www.sellmyretro.com ___ QL-Users Mailing List
Re: [Ql-Users] GDPR and 25th May
Hi, Possibly true - although if an IP address can be classified as personal data or a factor specific to the identity of that natural person, I am sure an email address can be. I forget all of the mailing list commands, but there used to be one where you could get a list of email subscribers, and of course the online archive still contains past messages, including where people may have entered their name, website, or address as part of their signature. There is then no way to exercise the right to be forgotten. Presumably the software behind the mailing list will itself be updated at some point Maybe. If ALL you have is a list of email addresses, I'd tend to think that this information by itself is not something with which a person can be identified. I certainly didn't give any other information than than hen suscribing - after all, all it took was to send an email to the list maintainer. I'm not aware of an online archive. Is that maintained by the owner of the list? Wolfgang ___ QL-Users Mailing List
Re: [Ql-Users] GDPR and 25th May
On 2018-05-04 20:35, Wolfgang Lenerz via Ql-Users wrote: Hi, Article 30, section 5: "5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10." I think this makes the mailing list excempt from the need to keep detailed records. Under the presumption that less than 250 people manage the mailing list, of course. This only applies to the need for a data controller and processor, not the general duties under the GDPR. Ah yes - so it appears: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/documentation/who-needs-to-document-their-processing-activities/ However, "This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system." (art 2) and '‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;' (art 4-1) and 'processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (art 4-2) Whether an email list, where it may be argued that no processing of personal data is done, falls under that scope is, at least, debatable... Possibly true - although if an IP address can be classified as personal data or a factor specific to the identity of that natural person, I am sure an email address can be. I forget all of the mailing list commands, but there used to be one where you could get a list of email subscribers, and of course the online archive still contains past messages, including where people may have entered their name, website, or address as part of their signature. There is then no way to exercise the right to be forgotten. Presumably the software behind the mailing list will itself be updated at some point Rich Mellor RWAP Software www.rwapsoftware.co.uk www.sellmyretro.com ___ QL-Users Mailing List
Re: [Ql-Users] GDPR and 25th May
Hi, Article 30, section 5: "5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10." I think this makes the mailing list excempt from the need to keep detailed records. Under the presumption that less than 250 people manage the mailing list, of course. This only applies to the need for a data controller and processor, not the general duties under the GDPR. However, "This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system." (art 2) and '‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;' (art 4-1) and 'processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (art 4-2) Whether an email list, where it may be argued that no processing of personal data is done, falls under that scope is, at least, debatable... Wolfgang ___ QL-Users Mailing List
Re: [Ql-Users] GDPR and 25th May
On 04/05/2018 17:23, Marcel Kilgus via Ql-Users wrote: Article 30, section 5: "5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10." That is surprising - you could of course have a huge mailing list... Jochen was put off his own website because of the GDPR - I have not seen this exemption mentioned anywhere as it would apply to my 10,000+ mailing list too! -- Rich Mellor RWAP Services Specialist Enuuk Auction Programming Services www.rwapservices.co.uk ___ QL-Users Mailing List
Re: [Ql-Users] GDPR and 25th May
Rich Mellor via Ql-Users wrote: > With the new GDPR legislation coming in on 25th May - how will the > mailing list cope with this? Article 30, section 5: "5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10." I think this makes the mailing list excempt from the need to keep detailed records. Under the presumption that less than 250 people manage the mailing list, of course. Marcel ___ QL-Users Mailing List
[Ql-Users] GDPR and 25th May
Hi all, With the new GDPR legislation coming in on 25th May - how will the mailing list cope with this? We seem to need to: a) Keep a record of any emails sent asking to join the list b) Keep a record of any emails sent to get removed from the list c) Ensure there is simple to understand information on how to join the list / be removed; and who has access to the emails on the list d) More problematic is the right to be forgotten - as surely all emails included in the thread history etc would need to be removed or at least anonymised in that case Can the mailing list admin already cope with this? -- Rich Mellor RWAP Services Specialist Enuuk Auction Programming Services www.rwapservices.co.uk ___ QL-Users Mailing List