It can get fruity in some of the public sector dealings. You will legally be allowed to ask for any information held on you by bodies such as schools, hospitals, etc. This means that if someone has sent an essentially harmless email saying "that awkward [insert name] is in reception again, can you go down and fob them off with some story as I'm eating my lunch" it would have to be disclosed as they're named. Not fun at all, especially if you are dealing with people who genuinely are unreasonable as a) it would be an accurate comment and b) they'd be exactly the sort of person to kick up a fuss about it! I foresee a lot of coded emails and verbal communication making a come-back!
I never used to get them, but a stupid mate opened a 'WhatsApp' message and got hacked!!! Every one of his contacts has been plagued with this sh*te ever since...
GDPR applies to any organisation that holds personal information, and that starts with anything that can be used to identify an individual. For this site it's possible to sign up just by giving an email address, but you can enter more in your profile, so GDPR does apply. There should be a clear statement somewhere that states what will be done with any information entered, i.e. used for targeted marketing by the organisation or given to 3rd parties etc. Plus it should state the security arrangements such as hosting, admin access policies etc. And if personal data is entered, a contact must be given where deletion can be requested, plus the procedures must be in place to perform the deletion within 1 month. If anyone has entered personal information, they must be advised of the new policies etc. and asked to agree or to have their data deleted. There's a lot more, but the above covers (I think) the main points here. While being a pain for smaller organisations, it can be covered with a bit of work and planning. For anyone interested: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
One of the main changes is the size of the fines and penalties imposed when an organisation is found to be non-compliant or when a serious data breach occurs. There are two tiers of administrative fines that can be applied:
1) Up to €10 million, or 2% annual global turnover (whichever is higher)
2) Up to €20 million, or 4% annual global turnover (whichever is higher)
They could also be liable to compensation claims from anyone affected by the GDPR infringement. This could be one hell of a money spinner for the Information Commissioner's Office. Back in 2015 Carphone Warehouse was hacked and lost the personal data of 3 million customers and around 1000 employees. They were fined £400,000, which seemed high at the time but will look like small fry in comparison to a €20 million fine.
Do not buy or sell customer data.
Do not assume they can be contacted.
Do not think a business survives from a contact.
Anybody who does is a **** leader.
This is what it is all about. The law industry and the government are going to make a shed load of dosh.