[ALAC] Question about GDRP

Humberto Carrasco hcarrascob at gmail.com
Tue May 1 03:24:38 UTC 2018


Yes,

Fatima is right.

Regards


Humberto Carrasco Blanc
Abogado
Profesor Asociado Derecho Económico - Comercial
Universidad Católica del Norte - Coquimbo
LLM Queen Mary University of London
PhD University of Edinburgh




> El 30-04-2018, a las 19:23, Fatima Cambronero <fatimacambronero at gmail.com> escribió:
> 
> Eduardo,
>  
> This statement is false in part.
>  
> It is referring to the last paragraph of the article 30 of the GDPR that states:
>  
> The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.
>  
> The obligations referred to in paragraphs 1 and 2 are the maintaining of a record of processing activities under the responsibility of the controllers and the same obligation to the processor about this record of processing activities.
>  
> It means, the firms which have 250 employees or less still have to comply with all GDPR rules as standard but no with the referred obligations about the record of processing activities (with the exceptions of the same article 30).
>  
> Best Regards,
> Fatima
> 
> 
> 2018-04-30 10:00 GMT-05:00 Eduardo Diaz <eduardodiazrivera at gmail.com <mailto:eduardodiazrivera at gmail.com>>:
> Alan:
> 
> What about the part of the statements that smaller firms do not have to comply with the GRDP rules as a standard. Is it true? 
> 
> On Mon, Apr 30, 2018 at 10:50 AM Alan Greenberg <alan.greenberg at mcgill.ca <mailto:alan.greenberg at mcgill.ca>> wrote:
> GDPR generally applies to all businesses.
> 
> There is an exemption about not maintaining records of how data is used, but if a person requests such a record, you would have to reconstruct it after the fact. 
> 
> I was not aware of any exemption on publishing why and how data is collected and processed, but that may be ignorance on my part.
> 
> Alan
> 
> 
> 
> At 30/04/2018 10:22 AM, Eduardo Diaz wrote:
> 
>> A friend of mine quoted the following from an article written here (bullet #9):https://government.diginomica.com/2018/01/22/gdpr-compliance-here-are-the-14-things-you-actually-need-to-do/ <https://government.diginomica.com/2018/01/22/gdpr-compliance-here-are-the-14-things-you-actually-need-to-do/> 
>> 
>> 
> 
>> "Smaller firms – those defined as hhaving 250 employees or less – do not have to comply with all GDPR rrules as standard. If your organisation falls into this band, there’s no need to have documentation of why personal data is being collected and processed, the information you’re storing or how long for. Smaller firms are not required to maintain a record of processing activities unless this carries a risk to the rights and freedoms of data subjects, it is a regular occurrence, or it relates to certain data like criminal convictions and offences."
> 
>> 
>> The question: Is this statement true or false. If false what 's the real thing?
>> 
>> Thanks to whomever answers this.
>> 
>> -ed
>> 
> 
>> Content-Type: text/plain; charset="us-ascii"
>> Content-Transfer-Encoding: 7bit
>> Content-Disposition: inline
>> X-Microsoft-Exchange-Diagnostics:
>>          1;YTOPR01MB0396;27:Ytj/AIpssqiibmKnz50JsE2dlIuhl4mAZZ7KgUS70r3MLVG2H5KbNLby1tvjuxmL9xkihjOX8lTqRqdvkojOVcdFn+7J6Rg9dLd4q6K0sBwFMmlBydtVxY/DHJHtiGSJ
>> X-Microsoft-Antispam-Message-Info:
>>          Z0icQu+yvOTMi4oe2M5K8h3rXupR/WWSGm7yxmyO/qZWHZyK6igFkjfsOJ8Zvdr+SypqAETDIqcyY01/xxTWorzEcbGFCOU0ZJh44OAwgSSTfu7epif694StzjXqCHQEoWJqrZLOQvKAH1JvkHIcRi7scwaHt8PwvCirITtXjdRNdJb9dw2QXEvB2r2Pol6vnyfj+CoqdP/6R67D3vRK35H2W+crSTRIVjKjWrgFIDYnC1d06+3i59oO+dGHw1Vwhuiu977GlToeSv5XpProXMgoWCVNBZZJ+j+vEq5FH1IKTZV8W1BohpSeFQXvXSHGhLbcAL8WKH2Jqn4AkB9PsLeVIZYN/ZNDXrKXjtf6mCJcPSDJjK+VxHsUB4px4RlVEe54ay1Dy0rFX9vxieiG2ll4Dd2uFoQfPdGjTcedFQg+mW9clPueIWcYO1lBuNZW1RVVwC4xRpb/AE09YMbCVv/O8mMq9+2j+zhX/7K9jf6ZLgTZ3NxwCkSoAmRhcQo0
>> 
>> ------
>> NA-Discuss mailing list
>> NA-Discuss at atlarge-lists.icann.org <mailto:NA-Discuss at atlarge-lists.icann.org>
>> https://atlarge-lists.icann.org/mailman/listinfo/na-discuss <https://atlarge-lists.icann.org/mailman/listinfo/na-discuss>
>> 
>> Visit the NARALO online at http://www.naralo.org <http://www.naralo.org/>
>> ------
> 
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org <mailto:ALAC at atlarge-lists.icann.org>
> https://atlarge-lists.icann.org/mailman/listinfo/alac <https://atlarge-lists.icann.org/mailman/listinfo/alac>
> 
> At-Large Online: http://www.atlarge.icann.org <http://www.atlarge.icann.org/>
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC) <https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>
> 
> 
> 
> -- 
> Fatima Cambronero
> Responsable del Área de Derecho Informático de R10S Abogados
> www.riosabogados.com <http://www.riosabogados.com/>
> México
> 
> Phone: México: +52 (55) 5252 2581
> Twitter: @facambronero
> Skype: fatima.cambronero
> 
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
> 
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180430/ea8b5adf/attachment-0001.html>


More information about the ALAC mailing list