Is GDPR a bit OTT?

It’s seems that the HSE dept that I deal with will no longer converse in emails due to GDPR and I’m wondering if they have taken it a bit too far.

For context - my father has required carers for some time now and at the beginning this was provided by the same agency the majority of the time. Last year the HSE had a recruitment drive and the same carers moved from being employed by the agency to directly employed by HSE.

Was chatting to one of the carers at the time about hours, mileage, general stuff and said to her could she not email her hours on. She said they wasn’t allowed to do this because of GDPR.

Coming up to Christmas letter from HSE arrives in post asking what days/times carers would be required over holiday period. I filled out form, took a photo and rang up for email address to send it back to. I was told it had to be posted because of GDPR.

HSE now have an embargo on recruitment again and have cut their direct employee hours/days and are using the services of different agencies. It’s been a complete mess with carers not turning up, not being allowed to do certain tasks anymore (that’s another story) and I don’t know who to expect from where and when. So, I called asking to be sent a copy of the rota not looking for individual names but just a breakdown of what days/times would we have HSE carers and what different agencies would be coming on which days (including contact details for office). You guessed it! No can do due to GDPR.

Is this what GDPR means?

dudara

GDPR is about the protection (during collection, storage, processing and disposal) of personal data.

It’s fundamentally a good thing, but too many organisations have either (a) misinterpreted it when implementing it or (b) are using it to cover their asses.

Richard Hillman

GDPR and that nonsense where you have to click to accept cookies on every single website. The EU wielding its nonsense.

Deebles McBeebles

Yes it is.

JohnnyFlash

I like it. A business tried to fück me over before Christmas and I put in a data access request under GDPR. Turns out they were forwarding my emails and personal info without permission. I’ve a complaint lodged and I look forward to them getting a fine, just so I can call into their office and tell the owner to go fück himself.

Utter Consternation

JohnnyFlash wrote: »

I like it. A business tried to fück me over before Christmas and I put in a data access request under GDPR. Turns out they were forwarding my emails and personal info without permission. I’ve a complaint lodged and I look forward to them getting a fine, just so I can call into their office and tell the owner to go fück himself.

Did www. inflatablesexdolls.ie use your personal data for nefarious purposes?

JohnnyFlash

JohnnyFlash wrote: »

I like it. A business tried to fück me over before Christmas and I put in a data access request under GDPR. Turns out they were forwarding my emails and personal info without permission. I’ve a complaint lodged and I look forward to them getting a fine, just so I can call into their office and tell the owner to go fück himself.

But in my case the personal data about my dad was with his (mine) approval. And the rota could have said HSE staff, Agency 1 staff, Agency 2 staff, etc.

Is GDPR only for electronic communications?

Anteayer

It's the HSE's interpretation of GDPR that’s the issue.
There’s nothing in it that prevents them from communicating with you by email other than possibly they don’t want a paper trail.

They were subject to domestic Freedom of Information laws before that and again that created issues.

Big bureaucracies tend to just jump on “computa says no” or “European regulations” non explanations because they’re an easy catch all.

Ah, send something in the post and they can always say “we never received it”. Send something electronically and the proof is there.

BattleCorp

Their excuse is a load of sh1te.

It's the same information regarding whether it is in a letter or in an email.

jimgoose

The problem isn't GDPR, GDPR is a positive and useful thing. The problem is the HSE, and the lengths they will go to in trying to prevent people from being able to prove what malevolently incompetent, lying fuckers they are.

Wibbs

Strawberry Milkshake wrote: »

Ah, send something in the post and they can always say “we never received it”. Send something electronically and the proof is there.

Good advice there. I was dealing with the HSE for a few years and got a couple of “we never received it” answers, so I took to sending the important stuff by registered post. Nipped that in the bud.

jimgoose

Wibbs wrote: »

Good advice there. I was dealing with the HSE for a few years and got a couple of “we never received it” answers, so I took to sending the important stuff by registered post. Nipped that in the bud.

That is textbook HSE.

So would this be all over the HSE or just a decision by the dept I deal with? Don’t want to get into an argument with them about it as I need them a lot more than they need me!

Just thought the reason for no email made no sense.

hairyprincess

Out of curiosity, what tasks are they not allowed to do anymore?

Mrs OBumble

Anteayer wrote: »

It's the HSE's interpretation of GDPR that’s the issue.
There’s nothing in it that prevents them from communicating with you by email other than possibly they don’t want a paper trail.

Not really true.

Sending by email is inherently insecure. Unless you have encryption in place, it's like writing the data on a postcard and sending it thru the mail.

Pre GDPR lots of organisations took the risk and emailed things anyway. But now there are big penalties if just one privacy freak justifiably complains about how their data is managed, so the organisations are saying "no, the risk is now too large".

So we all have to put up with the scenarios you describe.

Some are being too zealous - but for example in the agency vs HSE rota example there is the data of both the patient and the employees involved. Some privacy-freak families would even see the fact that someone in the family is getting home help as sensitive data.

JohnnyFlash

Utter Consternation wrote: »

Did www. inflatablesexdolls.ie use your personal data for nefarious purposes?

Never heard of them - not my scene. At least you found something to go down on you.

BattleCorp

hairyprincess wrote: »

Out of curiosity, what tasks are they not allowed to do anymore?

Work

Sultan of Bling

I find a lot of places try to get out of answering any sort of query by using the line "we can't disclose that due to GDPR".

When they use it on me, I always ask them under what section of the GDPR act are they referring to, cue stony silence.

Agencies can’t shave someone now just Incase they knick them. HSE can even though their qualifications and training are exactly the same.

Not an issue for us as there’s others around but if my dad was on his own, what with him being paralysed down one side of his body, would be a problem if all he had was agency staff.

The J Stands for Jay

Mrs OBumble wrote: »

. Some privacy-freak families would even see the fact that someone in the family is getting home help as sensitive data.

The legislation gets to decide what is sensitive data, not some oddball family member.

jimgoose

Mrs OBumble wrote: »

Not really true.

Sending by email is inherently insecure. Unless you have encryption in place, it's like writing the data on a postcard and sending it thru the mail.

Pre GDPR lots of organisations took the risk and emailed things anyway. But now there are big penalties if just one privacy freak justifiably complains about how their data is managed, so the organisations are saying "no, the risk is now too large".

So we all have to put up with the scenarios you describe.

Some are being too zealous - but for example in the agency vs HSE rota example there is the data of both the patient and the employees involved. Some privacy-freak families would even see the fact that someone in the family is getting home help as sensitive data.

I can guarantee you that the HSE are using the "GDPR" line for their own nefarious reasons, and not because they give a scuttery freestyle fuck about anyone's privacy.

Utter Consternation

JohnnyFlash wrote: »

Never heard of them - not my scene. At least you found something to go down on you.

Apologies compadre, seemed like the type of thing you'd be interested in.

My mistake.

McGaggs

McGaggs wrote: »

The legislation gets to decide what is sensitive data, not some oddball family member.

But I’m giving the permission for our family. When there’s a car outside that says “Carers” on it, everyone knows we’re getting assistance anyway.

JohnnyFlash

Utter Consternation wrote: »

Apologies compadre, seemed like the type of thing you'd be interested in.

My mistake.

No problems, hombre. They might have a model in stock that looks like Mary Lou McDonald - seems like the type of thing you might be into.

Utter Consternation

JohnnyFlash wrote: »

No problems, hombre. They might have a model in stock that looks like Mary Lou McDonald - seems like the type of thing you might be into.

I don't like to bring politics into my sex life. It's the anti-dote to a horn.

Seth Brundle

The HSE being over-zealous with the OP and at the same time not giving a shíte about another poster...
HSE Data Breach

branie2

I certainly think so

Was in a hospital in the midlands a few years ago. They had files stacked everywhere, in corridors etc. I am willing to bet much of it contained sensitive patient data. So much for GDPR only applying to electronic records and paper records being somehow safer !

uck51js9zml2yt

[Deleted User] wrote: »

Was in a hospital in the midlands a few years ago. They had files stacked everywhere, in corridors etc. I am willing to bet much of it contained sensitive patient data. So much for GDPR only applying to electronic records and paper records being somehow safer !

Gdpr only came into effect 25 may 2018.

Have you a point to make other than files could be taken by anyone for any purpose.?

TheChizler

My GF used to do some admin work for a HSE office pre GDPR days, she wasn't allowed to email any personal data, fair enough, but there was zero issue with faxing it. It would be so easy for you to put in the wrong fax number or for the wrong person to pick it up from the machine. Bizarre.

circadian

Richard Hillman wrote: »

GDPR and that nonsense where you have to click to accept cookies on every single website. The EU wielding its nonsense.

Just because you don't understand it doesn't mean it's ****.

dudara

dudara wrote: »

GDPR is about the protection (during collection, storage, processing and disposal) of personal data.

It’s fundamentally a good thing, but too many organisations have either (a) misinterpreted it when implementing it or (b) are using it to cover their asses.

I don't think it is a case of mis interpreting it, it is more a case of the legislation is new and as yet, fairly untested, so it is still open to being interpreted in different ways.

I work for a large multinational that has to send on customer name, address, email and phone numbers to sub contractors in order to provide services and it is giving us absolute nightmares. We are exactly the kind of company the EU would love to go after to demonstrate that the legislation has teeth so the fear of facing a €20m fine for ****ing up has meant that we have a large number of people running around making sure everything is in order...and then some.

Cee-Jay-Cee

The HSE is such a clusterfück that it’s only makes sense that they would use GDPR in the incorrect manner.

It’s also an excuse for them to loose stuff that they don’t want to disclose. Emails are easy to search through and track but a piece of paper can easily go missing when it suits.

McMurphy

Serious question here, but how does GDRP stand up to wing nuts putting pics of my kids up on Facebook, despite repeatedly being asked not to?

EmmetSpiceland

Johnny Dogs wrote: »

Serious question here, but how does GDRP stand up to wing nuts putting pics of my kids up on Facebook, despite repeatedly being asked not to?

No, apparently that falls under a “household exemption” but if you’ve asked them not to there might be a way of getting Facebook to take them down.

Mrs OBumble

McGaggs wrote: »

The legislation gets to decide what is sensitive data, not some oddball family member.

Sure, the judiciary gets to decide.

But for smaller organisations, even having to defend a vexatious, unjustified claim could be enough to put them out of business.

Big ones like the HSE have insurance and in house lawyers, but they do need to show they've implemented data management policies. And half- understood training related to this causes problems like the OPs

NewbridgeIR

Some companies simply don’t understand it.
I telephoned an insurance company with a routine query regarding the renewal date of my policy, passed all the security checks and they then refused to answer citing “we can’t under GDPR”.

AndrewJRenko

TheChizler wrote: »

My GF used to do some admin work for a HSE office pre GDPR days, she wasn't allowed to email any personal data, fair enough, but there was zero issue with faxing it. It would be so easy for you to put in the wrong fax number or for the wrong person to pick it up from the machine. Bizarre.

In fairness, the chances of finding another fax machine with a misplaced digit are slim, and decreasing all the time.

But your point stands - there as a false assumption that faxes are safe and emails are unsafe. This is gradually changing as more applications eliminate the need for emails or faxes, by allowing GPs to do referrals through the application, for example.

I cant speak about it under GDPR

Dravokivich

Mrs OBumble wrote: »

Not really true.

Sending by email is inherently insecure. Unless you have encryption in place, it's like writing the data on a postcard and sending it thru the mail.

Pre GDPR lots of organisations took the risk and emailed things anyway. But now there are big penalties if just one privacy freak justifiably complains about how their data is managed, so the organisations are saying "no, the risk is now too large".

So we all have to put up with the scenarios you describe.

Some are being too zealous - but for example in the agency vs HSE rota example there is the data of both the patient and the employees involved. Some privacy-freak families would even see the fact that someone in the family is getting home help as sensitive data.

Quite a bit go be said a bit your first paragraph there. I do some work with a public body as my customer and it took them a while to understand why I wouldn't send some data via email... when they reviewed internally they got an sftp setup. This isn't something thatd be possible for the public however.

But regarding your last statements. The individual doesn't decide what is, or isn't private data, nor is that what GDPR is for. My understand is GDPR is about retention of data, based on needs, and how it relates to individuals.

silverharp

i heard an advert on the radio by some ambulance chasing cnts trying to drum up compo claims for GDPR.

- bo -

GDPR OTT? IDK TBH.

WoollyRedHat

jimgoose wrote: »

The problem isn't GDPR, GDPR is a positive and useful thing. The problem is the HSE, and the lengths they will go to in trying to prevent people from being able to prove what malevolently incompetent, lying fuckers they are.

That should be on their epitaph, if we're ever lucky enough to see that day. I hope so, there's a good argument that when the organisation finally does get disbanded that it should be made into a public holiday.

Anteayer

I can assure you disbanding the HSE wouldn't solve anything. Before it came into existence there were countless mini HSEs all of which were a nightmare and the minister for health spent their time trying to herd a flock of deeply uncooperative cats and being made take political responsibly for them.

We need absolute root and branch health reform here and to tackle all sorts of vested interests, many of whom but end up working on narrow sectoral interests, often very much in a positive way but if were all pulling different directions nothing works.

The problem is we never had an NHS style major radical reform. We just kept old systems going and expanded the public funding without any kind of management or structural reform and it's now at the stage where it's almost unreformable because it's so long established.

Floppybits

Anteayer wrote: »

I can assure you disbanding the HSE wouldn't solve anything. Before it came into existence there were countless mini HSEs all of which were a nightmare and the minister for health spent their time trying to herd a flock of deeply uncooperative cats and being made take political responsibly for them.

We need absolute root and branch health reform here and to tackle all sorts of vested interests, many of whom but end up working on narrow sectoral interests, often very much in a positive way but if were all pulling different directions nothing works.

The problem is we never had an NHS style major radical reform. We just kept old systems going and expanded the public funding without any kind of management or structural reform and it's now at the stage where it's almost unreformable because it's so long established.

The chance was there to reform the Health service when the HSE was being set up but FF in their infinite wisdom decided that when combining the health boards into one their would be no job losses. A decision we are paying for today.

Seth Brundle

Like most public restructuring by politicians there can be absolutely no offending of the unions

AndrewJRenko

WoollyRedHat wrote: »

That should be on their epitaph, if we're ever lucky enough to see that day. I hope so, there's a good argument that when the organisation finally does get disbanded that it should be made into a public holiday.

To be replaced with?

erica74

This isn't unique to the HSE, the majority of GPs seem to have thrown out their fax machines due to their interpretation of GDPR and faxes being "unsecured". Everyone needs to have common sense. I would also like to point out that members of the public are also pushing it too far - for example, members of the public visiting hospitals and making complaints to the data protection commissioner about names being called out loud in waiting areas, patient names being visible on charts being carried around by members of staff while they go about their duties.

Gimme A Pound

I'm no fan of how the HSE is (not) run but GDPR is a pain in the hole at times when you're having to deal with members of the public. It is completely OTT. Obviously nobody objects to personal data being protected (well, when it suits for some, mind - plenty of "but he's my husband, I should be able to talk about his account") but there are so many unnecessary strands to it and zero common sense. I'm not anti EU but it is the kind of bureaucracy that gives them a bad name.

Companies are so terrified of breaching it that they're being extra cautious, resulting in customers not getting the service they require. It's not fair on either.

AudreyHepburn

The concept of GDPR is good and necessary. The problem is the way it’s been implemented. It’s untested so non-one what constitutes a serious breach and no-one wants to be first company fined so there’s no leeway given. It also doesn’t allow for human error and seems to assume that any breach is done as a result of serious negligence or done with malicious intent.

And the customer then falls into the same way of thinking so that a simple spelling error that could be rectified in seconds spirals into a formal complaint when it really doesn’t need to.