Dennis, and anyone else who doesn't already know - and my apology for writing if you do.
We should all be aware of basic principles, in my view, - so it is worth reading a summary, easily found on the internet - but more importantly perhaps worth knowing that Article 30 of the regulation declares that organisations with fewer than 250 employees will not be bound by GDPR – although, there are several stipulations that we probably should still adhere to - basically and, to para-phase, not share customer data and keep your customer data secure.
Michael cddstamps and General Secretary of the Internet Philatelic Dealers Association (IPDA) ipdastamp.org
Thank you Michael. I had read somewhere that it would not apply to a business with under 250 employees but had forgotten that. At the moment I am 250 employees away from having to comply, but my experience with bureaucrats has been that they often tend to forget details about exemptions and try to insist that a business comply with regulation X, Y or Z. Pointing out that regulations do not apply takes time and while the bureaucrat gets paid while wasting time I do not. In a quick scan of the Paypal article on the GDPR there was no mention of the under 250 employee exemption.
As for sharing my data with anyone other than the Canada Revenue Agency, no bloody way. It cost me good money to build up my customer list and I am not going to give, sell or donate my customer data.
hmm... Michael you said " Article 30 of the regulation declares that organisations with fewer than 250 employees will not be bound by GDPR". My reading of this is that there are NO exemptions just less paperwork. Not that I really give a toss about this nanny state stuff.
Hi Rod, I think in principle you are right.. what it basically means is the likes of you and me and others don't have to appoint a data security officer or whatever it is called, and have complications around how we "protect the privacy" of our customers data. there is so much more but in principle that is it. And as Dennis said he, and us I am sure, are not going to sell or do anything untoward with the data we do get when customers make a purchase.
My original response to the question from Dennis was to try to say we are ok and do not need to do anything. - except perhaps show common sense.
Comments
We should all be aware of basic principles, in my view, - so it is worth reading a summary, easily found on the internet - but more importantly perhaps worth knowing that Article 30 of the regulation declares that organisations with fewer than 250 employees will not be bound by GDPR – although, there are several stipulations that we probably should still adhere to - basically and, to para-phase, not share customer data and keep your customer data secure.
Michael cddstamps and General Secretary of the Internet Philatelic Dealers Association (IPDA) ipdastamp.org
As for sharing my data with anyone other than the Canada Revenue Agency, no bloody way. It cost me good money to build up my customer list and I am not going to give, sell or donate my customer data.
My original response to the question from Dennis was to try to say we are ok and do not need to do anything. - except perhaps show common sense.
I hope this all makes sense. Michael