Under GDPR we will have to re-validate existing consents if they were not obtained in a way which would conform to the stricter requirements of GDPR - Recital 171.
What about mandated Privacy Notice Information? There are some technical requirements e.g. legal basis, retention issues, right to complain to ICO which will not have been in most historical notices.
Do we have to re-issue a PN to existing customers on 25 May? If not is continued processing unfair?
For info not received from the subject we may have the disproportionate effort exemption, but what about info received from the subject? Are we forgiven because Article 13 only bites at the time obtained?
If so does it bite again as soon as we obtain further information after 25 May?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
