An Facebook Post

at

Um.

Judith Goldberger writes:

Bizarre letter from An Post sent to my neighbour who has moved. Is this the new definition of a Facebook Post?

Meanwhile…

Jaykers.

Sponsored Link

Related posts:

Facebook Appeal Facebook: It’s All About Me Irish Facebook Today’s Imponderable

12 thoughts on “An Facebook Post

  1. Afterlight

    This is An Post carefully outlining what their use and retention of data is with the new GDPR regulation coming in this May. It is completely changing how companies hold any EU resident’s data, ie. you will no longer be allowed to receive spam emails/ automatic mailing list emails just because you purchased from a company once. You must now give full consent and renew it every year for the specific purpose that company is contacting you for. If a company is found to be breaching the GDPR, they will be fined either €20 million or 4% of the companies worth, which ever value is greater. It’s very interesting and worthwhile for you to read a bit on.

    2. Ray Purchase

      It’s a standard data breach notice, under the existing Data Protection Acts. The GDPR is many things but it is not a time machine and cannot be directly effective until the end of May. Moreover, we haven’t finished the corresponding Bill in Ireland so this cannot be said to be GDPR related.

      Secondly, the fines don’t start at €20m/4%. That’s the top end for the serious breach category. If we see fines of this scale levied in Ireland for anyone outside the multi-billion euro multinational sector, I’d be quite surprised.

    1. Andyourpointiswhatexactly?

      To hide from other civil servants that he was working on Paddy’s Day. IMPACT would go nuts.

  3. Jonzo

    Agree with Afterlight.
    This is a GDPR practice to inform the person of who has and is processing your personal data, which after May 25th everyone has the right to request. Good to see An Post are proactive.
    Not quite sure that it means they cannot use the data but simply implies that you as the person have the right to correct or erase the data they have about you. You must request them to stop and delete your data not that prevented from contacting you. They also have the right to first prove who you are before acting on the request but that they also have a reasonable amount of time to do so. How long that is depends on the volume of data they hold and how easy it is to compile and report back to you.
    This regulation has had ~2,000 amendments by lobbyists and data consultants. Some regard this as a consultation money making racket “made by consultants for consultants”. I will leave that there.

    2. Ray Purchase

      It’s not a GDPR practice. It’s an existing DPA practice in the event of a data breach, which has occurred. The company that “accidentally” received the data can’t lawfully do a thing about it and will be asked by the DPC to prove that they’ve deleted it. Again, under the existing Data Protection Acts.

      The GDPR didn’t add much by way in terms of subject rights, it just expanded the scope and enforcement sides.

      It’s been a golden age for consultants (a good portion of which are ill informed and milking this for all its worth) but please don’t assume that the GDPR invented privacy law.

      1. Jonzo

        No absolutely not Ray, indeed this was just expansion on the Privacy Directive*** (not regulation) of 1995. Bringing it into the modern era. You are right it doesnt change majorly but does provide the person with more knowledge of their rights. In all a positive move but of course consultants being consultants.
        Have to run, I have a consultan…. meeting. I have a meeting. :P

        ***Directives leave everything open to the individual state… it doesn’t matter how it is implemented just so long as it is. Regulation on the other hand is a set process for all member states to follow.

  4. Jesus Wept

    Did An Post make a report to the Data Commisioners? Not sure they are mentioned on this letter.They should have to I think.

Comments are closed.

Broadsheet.ie