Omg look. I have gone on and on about accepting or declining cookies. I was actually furious these cookies could be installed and stay for up to 30 days on my device. So all this time she has been breaking GDPR by not having this option on her website, almost nine months that website has been running. I along with others have mentioned this several times on here. Very strange that now she is taking Facebook ie to a High Court this is suddenly on her website.. I was under the assumption that GDPR was a fairly serious matter and should be adhered to at all times?? Why is she allowed to get away with rule breaking?? Personal info including payment methods, e.g. card details, would have been entered/stored on her website to purchase items??? As a one-time business owner who sometimes took card payments over the phone etc., I was paranoid about doing everything correctly.
Is the sudden appearance of this accept/decline option down to the constant mentioning on Tattle in relation to this (some were probably sick of my rants over cookies)? Oh yes, Tattle has been well observed for sure..
Following is copied and pasted.
1. Lawfulness, fairness and transparency
The first principle is relatively self-evident: organisations need to make sure their data collection practices don’t break the law and that they aren’t hiding anything from data subjects.
To remain lawful, you need to have a thorough understanding of the GDPR and its rules for data collection. To remain transparent with data subjects, you should state in your privacy policy the type of data you collect and the reason you’re collecting it.
2. Purpose limitation
Organisations should only collect personal data for a specific purpose, clearly state what that purpose is, and only collect data for as long as necessary to complete that purpose.
Processing that’s done for archiving purposes in the public interest or for scientific, historical or statistical purposes is given more freedom.
3. Data minimisation
Organisations must only process the personal data that they need to achieve its processing purposes. Doing so has two major benefits.
First, in the event of a data breach, the unauthorised individual will only have access to a limited amount of data. Second, data minimisation makes it easier to keep data accurate and up to date.
4. Accuracy
The accuracy of personal data is integral to data protection. The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete.
Individuals have the right to request that inaccurate or incomplete data be erased or rectified within 30 days.
5. Storage limitation
Similarly, organisations need to delete personal data when it’s no longer necessary.
How do you know when information is no longer necessary? According to marketing company Epsilon Abacus, organisations might argue that they “should be allowed to store the data for as long as the individual can be considered a customer.
So the question really is: For how long after completing a purchase can the individual be considered a customer?”
The answer to this will vary between industries and the reasons that data is collected. Any organisation that is uncertain how long it should keep personal data should consult a legal professional.
6. Integrity and confidentiality
This is the only principle that deals explicitly with security. The GDPR states that personal data must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
The GDPR is deliberately vague about what measures organisations should take, because technological and organisational best practices are constantly changing.
Currently, organisations should encrypt and/or pseudonymise personal data wherever possible, but they should consider if other options are suitable