Re: [GNC] GDPR and data held in GnuCash
On Tue, 10 Apr 2018 13:54:16 +0100 "Maf. King"wrote: > On Tuesday, 10 April 2018 13:24:55 BST Colin Law wrote: > > > However I believe that any data that is required for 'contractual' > > reasons is not covered. When one sells anything there is an implicit > > (or explicit) contract so I assume (though I have no qualifications in > > this area) that customer data required for invoices and so on would > > not be covered. However if I were a business with customer data I > > would be asking my legal guy about this. > > > > That is basically what I've been advised. If you sell stuff, then you are > able to hold invoice & delivery details for the purposes of that transaction > (and future transactions too) Also, in the case of the invoice address, > there > is no "right to be forgotten" as it is statutory info that you have to hold > for the tax authorities to inspect (should they wish to). > > What you can't do for example, is use the delivery data to send a marketing > mailshot without prior, documented, explicit consent for that use, and even > then, only is sofar as you have said you would in the privacy policy. > > IANAL, but I don't think this is an issue for GC - indeed, for many years it > was remarkably hard to get customer details out of GC to use for other > purposes! > > Maf. > > Good points and now having read: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/contract/ I'm inclined to agree that this is not an issue for GnuCash. It seems though that I need to document this as part of company policy. Mike E ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] GDPR and data held in GnuCash
On Tuesday, 10 April 2018 13:24:55 BST Colin Law wrote: > However I believe that any data that is required for 'contractual' > reasons is not covered. When one sells anything there is an implicit > (or explicit) contract so I assume (though I have no qualifications in > this area) that customer data required for invoices and so on would > not be covered. However if I were a business with customer data I > would be asking my legal guy about this. > That is basically what I've been advised. If you sell stuff, then you are able to hold invoice & delivery details for the purposes of that transaction (and future transactions too) Also, in the case of the invoice address, there is no "right to be forgotten" as it is statutory info that you have to hold for the tax authorities to inspect (should they wish to). What you can't do for example, is use the delivery data to send a marketing mailshot without prior, documented, explicit consent for that use, and even then, only is sofar as you have said you would in the privacy policy. IANAL, but I don't think this is an issue for GC - indeed, for many years it was remarkably hard to get customer details out of GC to use for other purposes! Maf. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] GDPR and data held in GnuCash
I found this a useful link [1] along with the rest of that website. The GDPRs apply to businesses and also to non-profits such as clubs. As I understand it all organisations have to have a Privacy Policy and need to get explicit agreement from all those they hold personal data on in order to keep their data. However I believe that any data that is required for 'contractual' reasons is not covered. When one sells anything there is an implicit (or explicit) contract so I assume (though I have no qualifications in this area) that customer data required for invoices and so on would not be covered. However if I were a business with customer data I would be asking my legal guy about this. Colin [1] https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/ On 10 April 2018 at 12:51, Mike Evanswrote: > Is everyone aware of the impact of GDPR on their customers/vendors data > stored within GnuCash? I admit I've only just become aware of it and am > still puzzled as what I should do to be compliant. > > It seems I may have to either delete all my customer data or "repermission" > my existing customers and vendors in order to hold any data about them. I'm > not sure how GnuCash will behave if I delete customer data, given that I > can't do that via GnuCash and will have to "manually" edit my database (or > XML file in my case). I should probably file an enhancement request to add a > delete customer facility to GnuCash. > > It may be only applicable if you hold data for the purposes of mailing list > marketing. > > There may be issues if you backup or store your GnuCash data "in the cloud" > as this probably means moving data to servers based outside of the EU. In > which case it will have to be encrypted before transmission. I guess that > applies for server storage inside the EU too. Business users storing > unencrypted data in the "cloud" would fall foul of the regulations. > > There's a Wikipedia article at > https://en.wikipedia.org/wiki/General_Data_Protection_Regulation > > and there's https://www.eugdpr.org/ > > > Just a few discussion points. > Mike Evans > ___ > gnucash-user mailing list > gnucash-user@gnucash.org > To update your subscription preferences or to unsubscribe: > https://lists.gnucash.org/mailman/listinfo/gnucash-user > If you are using Nabble or Gmane, please see > https://wiki.gnucash.org/wiki/Mailing_Lists for more information. > - > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
[GNC] GDPR and data held in GnuCash
Is everyone aware of the impact of GDPR on their customers/vendors data stored within GnuCash? I admit I've only just become aware of it and am still puzzled as what I should do to be compliant. It seems I may have to either delete all my customer data or "repermission" my existing customers and vendors in order to hold any data about them. I'm not sure how GnuCash will behave if I delete customer data, given that I can't do that via GnuCash and will have to "manually" edit my database (or XML file in my case). I should probably file an enhancement request to add a delete customer facility to GnuCash. It may be only applicable if you hold data for the purposes of mailing list marketing. There may be issues if you backup or store your GnuCash data "in the cloud" as this probably means moving data to servers based outside of the EU. In which case it will have to be encrypted before transmission. I guess that applies for server storage inside the EU too. Business users storing unencrypted data in the "cloud" would fall foul of the regulations. There's a Wikipedia article at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation and there's https://www.eugdpr.org/ Just a few discussion points. Mike Evans ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.