General Data Protection Regulation (GDPR) Bill

Under this new bill General Data Protection Regulation (GDPR) ,would  any data held by the DWP/UJM accounts of claimant’s , will they have the right to have this data deleted. Therefore I wonder if the UJM could be classed as ‘social media’, as it seems to be focused on this area?  

The dictionary definition of social media is:

"Forms of electronic communication (such as websites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (such as videos)"..

While I don't use the UJM for my job search etc, it could be classed as a form of 'social-networking' between the claimant and the Work-Roach  ?




https://www.merriam-webster.com/dictionary/social%20media

http://www.bbc.co.uk/news/technology-40826062

https://www.theguardian.com/commentisfree/2017/aug/07/right-to-be-forgotten-data-protection-bill-ownership-identity-facebook-google

I think you are right there El-Dude.

If one compares it to F*c*b**k, users have a personal profile from which they can be identified by others. They are searchable via criteria (keywords rather than name in the case of UJM).

UJM facilitates contact between recruiters and job-seekers - so that meets the criteria for networking.

The DWP part of the relationship is analogous to voyeur / stalker, within the social media context. It is the only part of the interaction which has no potential to benefit the registered user (either recruiter or job-seeker), but does have the potential to harm job-seekers via harassment.

I am neither a F*c*b**k nor UJM user so correct me if I got anything wrong.

the answer would be no ujm is not based on a social media site

more like a site to record nearly every detail of yourself onto it therefore the gdpr system allows its users the right to be forgotten or deleted from there systems

they would be no way the dwp could use the reference of keeping the info on file for the prelonged period like they do now or that the dwp work programme systems could keep your files on there system to claim there outcome payment

any request to be removed from there system would have to be done and not by this governements say so that they could actually keep you on there files

another point is with the cookies system that annoying cookie that stays resident on your system for well over 1, 5 , 20 years like it does with ujm account and also with the .gov site

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

This overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU. It explains the similarities with the existing UK Data Protection Act 1998 (DPA), and describes some of the new and different requirements. It is for those who have day-to-day responsibility for data protection.

This is a living document and we are working to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.

The GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

The ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. We acknowledge that there may still be questions about how the GDPR would apply in the UK on leaving the EU, but this should not distract from the important task of compliance with the GDPR.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case. Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will work with government to stay at the centre of these conversations about the long term future of UK data protection law and to provide our advice and counsel where appropriate.
Who does the GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA – ie the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

Further reading in the GDPR

See Articles 3, 28-31 and Recitals 22-25, 81-82

External link

What information does the GDPR apply to?

Personal data

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – eg an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations, keeping HR records, customer lists, or contact details etc, the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.


Sensitive personal data

The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9). These categories are broadly the same as those in the DPA, but there are some minor changes.

For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).
Further reading in the GDPR

See Articles 2, 4, 9, 10 and Recitals 1, 2, 26, 51

on another note read the business side of it

https://www.whitecase.com/publications/alert/uk-implement-gdpr-regardless-brexit

an interesting read there eldude

another reference that goes into greater detail

The ten key questions – and nine answers – facing the public sector on GDPR

https://publictechnology.net/articles/features/ten-key-questions-%E2%80%93-and-nine-answers-%E2%80%93-facing-public-sector-gdpr

With the implementation of the EU General Data Protection Regulation now less than six months away, time is running out for public-sector bodies to find answers to any questions they might still have about the incoming law, and their compliance obligations.

The recent Implementing the GDPR in the Public Sector Summit, hosted in London by PublicTechnology parent company Dods, gathered together several hundred data, legal, and digital professionals in a bid to address any remaining uncertainties about what the regulation means for the public sector. Here are some of the major questions that were answered – and one that has yet to be.