So grateful for this clip - Thank you ! Could you please explain what you mean at 9:44 "The right to withdraw consent is a tactical, not a strategic one" ?
Hi, many thanks for your great comment! On consent being tactical not strategic - we mean that it can be withdrawn at any time by the individual and no longer relied on from that point forwards, so if you're e.g. looking for a legal basis for delivering a product someone has bought, you'd best use necessary for contract. When identifying an appropriate legal basis, there may be more than one available but you'll tend to find one stands out as most appropriate. Don't just go for consent without looking at the other equally valid - and potentially much more appropriate as per our example above - legal bases available. Hope that clarifies it.
@robertbaugh1103 Ah yes, thank you, that's clear now. Anyone can withdraw consent anytime but all the processing before their withdrawal date remains lawful - got it. Thank you so much again, your videos are a lifesaver for solopreneurs like myself! I hope you are well and wishing you all the best going forwards too :)
How would you categorize this data protection issue: my company uses a vendor to track our employees' compliance, recording viewing of the video and test scores. We are required to submit this to stay in business. The vendor had a bug/programming hiccup in the software and deleted all our records when it swapped the old course with the 2021 course. We have no data. Would this be a violation? Thank you!
Hi there. We do provide a full range of services (our Keepabl SaaS platform, Privacy Policy Pack and Privacy Kitchen training), however we don't provide advisory services. We'd be delighted to recommend consultants and lawyers to you that we work with if you'd like to email us at hello@keepabl.com? In terms of your comment, what we can say as a general comment not specific to your situation (and this obviously isn't legal advice) is that a processor losing personal data of a controller may be an availability breach if no other copy is available when needed and, if you decide that, you'd move on to look at risk to the data subjects and then whether you need to notify regulators and individuals or not - and not just because of GDPR, it may just be the right thing to do, or it may not be necessary. Controllers can't abdicate responsibility to processors so it's on the controller to ensure backups etc are in place.
I enjoyed this video, Clear and concise!
Many thanks! Keep the feedback and suggestions coming!
This channel is so, so good. Thank you for making this content.
Thanks so much for your comment!
Great summary! Thank you 🙂
Good video - I'm curious as to what's meant at 12:00 when you mention Article 10. What are the 3 conditions under Article 10?
Many thanks! You could say it's 2. We say 3 as Art 10 separates out keeping a comprehensive register into its second sentence, so we follow that lead and the first 2 are in the first sentence of Art 10: any processing relating to criminal convictions and offences or related security measures is either under official authority (1) or as set out in law (2). And the third is the second sentence of Art 10: Any comprehensive register of criminal convictions shall be kept only under the control of official authority. As above, you can say 2 legal bases but we think it reflects the separating out of the comprehensive register part to say 3.
@PrivacyKitchen Thanks! Definitely agree. I would say it's important not to forget to then go on and identify the appropriate DPA 2018 Schedule 1 condition (in the UK at least!)
@KirkpatrickSounds For sure for those for whom the UK DPA applies - and others should definitely check their national laws too.
As if they ever disclose any of this