GDPR

GDPR

DISCLAIMER:

  • This document contains unedited notes and has not been formally proofread.
  • The information provided in this document is intended to provide a basic understanding of certain technologies.
  • Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
  • Some websites and software may be flagged as malware by antivirus programs.
  • The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
  • The document is not a substitute for professional advice or expert analysis and should not be used as such.
  • The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
  • The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
  • The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
  • The author reserve the right to update or change the information contained in this document at any time without prior notice

Reference:

Transcript from you tube derived using Fabric:

  • https://www.gouti1454.com/p/llama-ai.html#yttranscript389m
GDPR ACT: https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted.

Open-source 

  • Link to the tool: https://remover.visiblelabs.org/
  • Link to the code: https://github.com/visible-cx/databroker_remover

****************************************************************************

GDPR

How to Collect, Manage, process personal data

  • GDPR key concepts
  • Lawful processing
  • Data subject rights
  • Data controllers Vs Data processors
  • Privacy by design

DPO - Data protection Officer

    GDPR requires parental concerns before collecting children's data who are less than 16 or 13. Companies time to respond for a data breach and 72 Hrs to communicate with the EU regarding the breach.

  • Do I need all of the data I am Collecting here?
  • Could o do this work without using personal data at all.
  • Am I using the data in a way a user may not expect?
  • Do I have a plan to delete this data once I no longer need it?


DPIA -Data Protection Impact Assessment

DSRs - Data Subject rights :

  • 6 GDPR DSRs
  • Right to be forgotten
  • Right of access
  • Right to data portability
  • Right to restriction of processing
  • Right to rectify
  • Right to object


Methods to prove lawfulness of Processing:

  • Contractual Necessity
  • Consent
  • Legitimate interest

GDPR Controllers and Processors

Controllers: are at risk of incurring high fines if they do not meet the obligations set forth in the GDPR.


**********************************************************************************


The Role of GDPR in Protecting Personal Data: non-compliance with GDPR standards.

        This YouTube video (linked below) highlights how GDPR regulations help protect personal data by enabling users to request its deletion. The video dives into the concerning practice where third parties purchase personal data from data brokers and resell it to businesses, often without the user’s knowledge or consent. This example underscores the misuse of personal data and non-compliance with GDPR standards.


Using Open-Source Tools to Request Data Deletion

If you're concerned about your data privacy, an open-source tool exists that lets you request data deletion from data brokers. You can access the tool: https://remover.visiblelabs.org/

In the UK and EU, users have the right to make a "Data Deletion Request" under the UK Data Protection Act.

Deleting Data Request form

For "sagacity solutions"

For example, if you'd like to request data deletion from Sagacity Solutions, you can use this link [https://www.mydatachoices.co.uk/Suppress] or contact them via email at dpo@sagacitysolutions.co.uk.


Transcript from you tube derived using Fabric:

Reference:

yt --transcript https://youtu.be/Ryv_rT41Jks?si=kM4FnrxBvm5HMt4X | fabric -sp clean_text


Transcript summary:

This Could Be the Most Deceptive and Possibly Unlawful Strategy I've Ever Seen from TV Licensing


I believe that by the end of this video, I'll have provided you with a discount on a service that can help protect you from similar situations. This video is in partnership with Incog, which I'll explain later. I was contacted by one of my viewers who had a dispute with TV Licensing, a trademark of the BBC. The BBC contracts out most of its services to enforce TV licensing to a company that operates under the brand of TV Licensing.


My viewer submitted a subject access request, but the letter I'll be discussing is not a response to that request. Instead, it's a response to a complaint following the letters received. Before diving into the letter, I'd like to ask that if you enjoy my objective, neutral, and sometimes brutal breakdowns of letters, stories, politics, law, and news, please consider liking the video, subscribing to my channel, and ringing the notification bell.


Now, let's examine the letter and where it all started. The issue began when my viewer received a letter from TV Licensing, claiming that they had been watching BBC iPlayer without a license. My viewer responded by stating that they hadn't been watching iPlayer and that they consume zero BBC content. They also mentioned that they have all BBC accounts blocked on social media and watch media on Disney+, YouTube, and Amazon Prime.


It's essential to clarify that a TV license is not dependent on BBC content alone. If you watch or record any live TV or consume BBC content through BBC iPlayer, you need a TV license. However, in this case, it makes no material difference to the letter.


My viewer asked how the mistake was made and requested a sincere apology for the unnecessary stress and anxiety caused. The BBC responded by explaining that they had used data provided by a third-party company, Sega City Solutions, to increase the effectiveness of their approach. This data included email addresses linked to no-license-needed postal addresses.


The BBC compared this data with their list of no-license-needed addresses and sent letters to those addresses if the email address had been used to access BBC iPlayer. However, there's a disconnect here, as the BBC is sending letters to addresses because the email address has been used to access iPlayer, without considering that people may have moved house and still use the same email address.


The letter from the BBC explains that Sega City Solutions has contracts with third parties that provide personal data about those third-party customers. This data is then shared with the BBC, which uses it to send letters threatening prosecution if a TV license is not purchased.


The problem here is that Sega City is one of many third-party companies that hold data and information on you, and they sell or provide access to it. The BBC has confirmed that Sega City has contracts with further third parties, which provide personal data about those third-party customers.


My partner for this video is Incog, a service that helps protect your privacy, identity, and security by contacting data broker marketing companies that gather your information and requiring them to remove your data from their servers in accordance with GDPR.


The BBC has used data provided by Sega City Solutions to threaten my viewer with prosecution, but I believe this approach may be potentially unlawful. The data processing in this case may be incompatible with the original purposes for which it was gathered.


The BBC has confirmed that the email address provided by Sega City Solutions could belong to someone no longer associated with the address, but they still used this data to send a letter to my viewer. This approach has led to people deciding to buy a TV license, either because they genuinely need one or because they fear prosecution.


I think there's a serious problem here with GDPR and the way in which the data has been processed. The data was gathered for one purpose but was then used for another, potentially incompatible purpose.


If you want to avoid being targeted by these third-party companies and protect your data, I recommend checking out Incog. They will contact these companies and require them to remove your data from their servers.


In conclusion, I believe that the BBC's strategy of using data from third-party companies to threaten prosecution is potentially unlawful and may be in breach of GDPR. I recommend being cautious when sharing your data and using services like Incog to protect your privacy and security.


Comments

Popular Posts

HOME LAB : HANDS-ON

Multifactor authentication Updated for 2024

Chennai :MTC complaint cell Customer Care No.:+91-9445030516 /Toll Free : 18005991500