Student Finance England sent 3 letters containing my full name, course of study and dates, university, and full loan entitlement and customer reference number for my loan to a random UK address. They are claiming there is no data breach because, they sent an email to my MP which was forwarded to me during this period (we were disputing a loan charge on my account) with the address so I therefore acknowledged it as my address, and that the HMRC alerted them of my change of address (although I had no change in my HMRC records of knowledge) and they claim the letters were returned in January to ..read more

Edited for clarification: We students "operate" a car rental company chain, whose parent company is in the U.S. and has several locations in the EU. These EU locations gather information like car rental preferences (size, color, type), trip length, number of party members, renter's driver's license information, email, cell #, etc. from each user either with consent or contract. All users/car renters are told some of the data will be used for marketing purposes and to better serve the customers in future rentals. Users can opt out of some of this data being collected while other data collectio ..read more

given that the company collects no money from sources based in the EU, what would happen to a company who refuses to follow GDPR data standards? submitted by /u/buyingshitformylab [visit reddit] [comments ..read more

In short, been looking for work recently so have been applying to lots of jobs through recruiters. I have just received an email from one of the company directors telling me they are running the London marathon with a ‘just giving’ link to sponsor them. Surely this is not an appropriate use of my contact details? submitted by /u/Nips4BoJo [visit reddit] [comments ..read more

Hello everyone, I am a student, and next year I have to do the internship for university, I would like to do it in the field of GDPR, do you know where I can look for such an internship? submitted by /u/MassiveWeb4695 [visit reddit] [comments ..read more

I work for a small company - no HR or DPO - and I've been asked to review the GDPR policies that we have and be the go-to person for colleagues who have GDPR queries. I had some basic GDPR training a couple of years back (in a different organisation) so I need a refresh before I'll be in position to help anyone else. I'm not looking for a big 'become a DPO' type course - I don't need certification. I only have a small budget (200 euros) and a few hours for a course. There are loads of short courses available but… I've no idea which are reputable and whether or not they provide accurate infor ..read more

Im in Italy. I left a job last year, I had a work email in the format joe.doe@company.com where I was receiving my payroll documents and contained documents exchanged between me and the company. I have access to the work email on my phone and after a few months of leaving the job I received an email notification, opened it since it was weird for an email to come when the email should have been deleted. When I got into the work email I noticed that colleagues were exchanging work documents between them using my personal email, I think my old computer (of which my employer had the password) was ..read more

Hey guys a quick question here, from a comparative point of view. In Italy for the delivery of medical documents (like diagnosting imaging or trials) to another person we have several legal bases for the processing of the “delegate” ordinary datas. Like for public structures its usually used the vital interests one (regarding to the vital interest of the data subject not the delegate). Private structures, on the other hand, use either the consent (given by the delegate to the structure for the processing of his data, the same data are already contained within the delegation module); Or the co ..read more

Hi, (UK) my child’s secondary school 6th form lead has contacted me over ‘issues’ between my child (17 nearly 18 yo) and another of their current students. My child left the school after GCSE’s last year. It later crossed my mind, the school must still hold my personal contact info. Is this usual practice for secondary schools in this scenario? I’ve searched GDPR regulations online but can’t seem to see anything that reflects this situation. Apologies in advance if this is the wrong sub to ask submitted by /u/Diligent_Broccoli_54 [visit reddit] [comments ..read more

How long should interview notes for successful candidates be retained for? The CIPD seems to suggest for the duration of time the person is employed: https://www.cipd.org/uk/knowledge/factsheets/keeping-records-uk-factsheet/#:~:text=Statutory%20retention%20period%3A%203%20years,years%20for%20public%20limited%20companies. It would seems sensible to keep something like this for the duration of employment, as you may need evidence to prove (or disprove) a person's qualifications for example, or their suitability for the role. At the same time, general wisdom seems to be to dispose after 6 months ..read more