undefined | Better HN

0 pointsicebraining8y ago0 comments

My question is more, what if you don't know it has personal data? Say you're just a generic document storage & sharing service, and someone uploads a generic PDF or Word, but which happens to contain personal data. Surely you're not expect to treat any possible data you receive as personal, just in case?

0 comments

mbrookes8y ago

If you're providing a consumer storage service, and users are uploading their own data for personal use, this is outside the remit of GDPR.

If you're providing a storage service to a business that handles personal data, your a data processor, not a data controller.

If you're the data controller, you need a classification technology that can identify personal data in those documents (amongst other capabilities).

As always, there are exceptions, but that's the general rule.

icebrainingOP8y ago

Thanks!

j / k navigate · click thread line to collapse