Naomi, I/we very much agree with you, and thank you for the helpfuol blog.  GDPR means we have had to look at a whole range of things and to make some changes to our policies and working practices, although because the range of what we do is relatively limited (in comparison with the distinguished company we keep in this forum) the impact is not that great.  My comment to which you responded was specifically in respect of website cookies - clearly that's not the only area we have to look at, just the only one in connection with our website.



Bob Clark
Director
The Auchindrain Trust
mailto:[log in to unmask]

-----

Tuesday, April 3, 2018, 8:58:55 PM, you wrote:

Hello everyone Don’t forget the current Data Protection 1998 laws (which will be replaced by GDPR - in the form of the Data Protection Act 2018) require you to understand why you are collecting personal data (which will include email addresses, ISPs etc and paper records), and other important obligations. I’ve blogged here Some pointers to get started www.naomikorn.com/blog Although you maybe a small (and perfectly formed) museum, you will need to get gripes with data protection within the context of all your activities. I would say that as a sector we are right now in terms of data protection, where we were 15 years ago with copyright. My best Naomi Naomi Korn   Managing Director Naomi Korn Copyright Consultancy Ltd -  Private Limited Company: 7804095   Mobile: 079 57761032 Skype: naomi.korn Twitter: @nkorn   www.naomikorn.com www.web2rights.com On 3 Apr 2018, at 20:51, Bob Clark <[log in to unmask]> wrote: Re: GDPR and cookies We are a quite small museum doing normal things with an ordinary website.  The advice we have received is that the only area we will have to look at is where email addresses are gathered because someone uses the website to make contact.  If others think or know different, we'd like to be aware. Bob Clark Director The Auchindrain Trust mailto:[log in to unmask] ----- Tuesday, April 3, 2018, 6:21:09 PM, you wrote: My understanding is that cookies (or any other tracking tools) are only covered under GDPR if they are collecting personal data. Otherwise they are covered by PECR which isn't changing at this time and I think this is why there's been no additional guidance issued. So unfortunately it very much depends on what cookies you're using and what they do. Re persistent cookie notice - a large number of folk include a clear link to the detailed cookie advice in their footer so that it's always available - which I see RSC already does. If your cookies are feeding back IP addresses to a tool you use, you'd likely need to combine it with other data in order to be able to take a guess at who the person is. IP addresses might be classified as a pseudonymous if you have other data sources that combine it with in order to identify someone but it totally depends what systems you're using and what else is being collected through that system. On 3 April 2018 at 17:33, Tony Crockford <[log in to unmask]> wrote: On 3 Apr 2018, at 11:56, John Benfield <[log in to unmask]> wrote: You then have to allow users to change their mind at any point via a similar option, which sounds like a persistent cookie notice. I'm still struggling with the concept that the use of cookies could accurately (beyond all reasonable doubt)  identify an individual. How does anyone know for certain  that the person driving my computer is me? in a shared computer household with multiple devices, does anyone really know that the site visit is by me and not by a family member, or family friend or indeed the family cat? ...and then there's the question of circumstances where IP addresses aren't fixed, how would an IP address recorded by a cookie one week identify an individual if a different household router were awarded the same IP address next week? how personal is that data now? :( **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ **************************************************************** -- Dee Ishani 07740 356873 [log in to unmask]  twitter: stripysocksrock skype: nadine.ishani linkedin: https://uk.linkedin.com/in/nadineishani **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ **************************************************************** **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ **************************************************************** **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ ****************************************************************

**************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ ****************************************************************