Re: [GNC] GDPR and data held in GnuCash

2018-04-10 Thread Mike Evans 
On Tue, 10 Apr 2018 13:54:16 +0100
"Maf. King"  wrote:

> On Tuesday, 10 April 2018 13:24:55 BST Colin Law wrote:
> 
> > However I believe that any data that is required for 'contractual'
> > reasons is not covered.  When one sells anything there is an implicit
> > (or explicit) contract so I assume (though I have no qualifications in
> > this area) that customer data required for invoices and so on would
> > not be covered.  However if I were a business with customer data I
> > would be asking my legal guy about this.
> >   
> 
> That is basically what I've been advised.  If you sell stuff, then you are 
> able to hold invoice & delivery details for the purposes of that transaction 
> (and future transactions too)  Also, in the case of the invoice address, 
> there 
> is no "right to be forgotten" as it is statutory info that you have to hold 
> for the tax authorities to inspect (should they wish to).
> 
> What you can't do  for example, is use the delivery data to send a marketing 
> mailshot without prior, documented, explicit consent for that use, and even 
> then, only is sofar as you have said you would in the privacy policy.
> 
> IANAL, but I don't think this is an issue for GC  - indeed, for many years it 
> was remarkably hard to get customer details out of GC to use for other 
> purposes!
> 
> Maf.
> 
> 

Good points and now having read:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/contract/

I'm inclined to agree that this is not an issue for GnuCash.
It seems though that I need to document this as part of company policy.

Mike E
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see 
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.

Re: [GNC] GDPR and data held in GnuCash

2018-04-10 Thread Maf. King 
On Tuesday, 10 April 2018 13:24:55 BST Colin Law wrote:

> However I believe that any data that is required for 'contractual'
> reasons is not covered.  When one sells anything there is an implicit
> (or explicit) contract so I assume (though I have no qualifications in
> this area) that customer data required for invoices and so on would
> not be covered.  However if I were a business with customer data I
> would be asking my legal guy about this.
> 

That is basically what I've been advised.  If you sell stuff, then you are 
able to hold invoice & delivery details for the purposes of that transaction 
(and future transactions too)  Also, in the case of the invoice address, there 
is no "right to be forgotten" as it is statutory info that you have to hold 
for the tax authorities to inspect (should they wish to).

What you can't do  for example, is use the delivery data to send a marketing 
mailshot without prior, documented, explicit consent for that use, and even 
then, only is sofar as you have said you would in the privacy policy.

IANAL, but I don't think this is an issue for GC  - indeed, for many years it 
was remarkably hard to get customer details out of GC to use for other 
purposes!

Maf.



___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see 
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.

Re: [GNC] GDPR and data held in GnuCash

2018-04-10 Thread Colin Law 
I found this a useful link [1] along with the rest of that website.
The GDPRs apply to businesses and also to non-profits such as clubs.
As I understand it all organisations have to have a Privacy Policy and
need to get explicit agreement from all those they hold personal data
on in order to keep their data.

However I believe that any data that is required for 'contractual'
reasons is not covered.  When one sells anything there is an implicit
(or explicit) contract so I assume (though I have no qualifications in
this area) that customer data required for invoices and so on would
not be covered.  However if I were a business with customer data I
would be asking my legal guy about this.

Colin

[1] 
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

On 10 April 2018 at 12:51, Mike Evans  wrote:
> Is everyone aware of the impact of GDPR on their customers/vendors data 
> stored within GnuCash?  I admit I've only just become aware of it and am 
> still puzzled as what I should do to be compliant.
>
> It seems I may have to either delete all my customer data or "repermission" 
> my existing customers and vendors in order to hold any data about them. I'm 
> not sure how GnuCash will behave if I delete customer data, given that I 
> can't do that via GnuCash and will have to "manually" edit my database (or 
> XML file in my case). I should probably file an enhancement request to add a 
> delete customer facility to GnuCash.
>
> It may be only applicable if you hold data for the purposes of mailing list 
> marketing.
>
> There may be issues if you backup or store your GnuCash data "in the cloud" 
> as this probably means moving data to servers based outside of the EU. In 
> which case it will have to be encrypted before transmission. I guess that 
> applies for server storage inside the EU too. Business users storing 
> unencrypted data in the "cloud" would fall foul of the regulations.
>
> There's a Wikipedia article at 
> https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
>
> and there's https://www.eugdpr.org/
>
>
> Just a few discussion points.
> Mike Evans
> ___
> gnucash-user mailing list
> gnucash-user@gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see 
> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see 
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.

[GNC] GDPR and data held in GnuCash

2018-04-10 Thread Mike Evans 
Is everyone aware of the impact of GDPR on their customers/vendors data stored 
within GnuCash?  I admit I've only just become aware of it and am still puzzled 
as what I should do to be compliant.

It seems I may have to either delete all my customer data or "repermission" my 
existing customers and vendors in order to hold any data about them. I'm not 
sure how GnuCash will behave if I delete customer data, given that I can't do 
that via GnuCash and will have to "manually" edit my database (or XML file in 
my case). I should probably file an enhancement request to add a delete 
customer facility to GnuCash.

It may be only applicable if you hold data for the purposes of mailing list 
marketing.

There may be issues if you backup or store your GnuCash data "in the cloud" as 
this probably means moving data to servers based outside of the EU. In which 
case it will have to be encrypted before transmission. I guess that applies for 
server storage inside the EU too. Business users storing unencrypted data in 
the "cloud" would fall foul of the regulations.

There's a Wikipedia article at 
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation 

and there's https://www.eugdpr.org/


Just a few discussion points.
Mike Evans
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see 
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.