- Joined
- Nov 25, 2004
- Location
- Finland
The issue is probably that they need to have everything documented, and they can't save anything from here.
The rest of the reps are making notes in our casino accounts and feel that that is enough. They can never give out anything from here anyway since most pm's that have been written over the years are deleted anyway.
So notes of where it comes from should be enough.
The thing with VS is that they still don't have it all to be saved. The issue is discussed in here and the only thing we are sending in an email is our username. That makes it totally worthless anyway
These are good points.
One of the key principles of GDPR is data minimisation, not the the opposite.
Article 5 - Principles relating to processing of personal data
1 Personal data shall be:
[...]
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
[...]
Data protection by default and design require the implementation of data protection principles like data minimisation in an effective manner. It also requires that appropriate technical and organisational measures are implemented to ensure only necessary personal data (for each specific purpose of the processing) are processed.
I've witnessed some data controllers taking a view that they need to gather more data to be GDPR compliant. But that argument doesn't really hold up when you look at the regulation in its entirety.