Google appeals record GDPR fine

Google GDPR fineGoogle is appealing the record breaking fine for GDPR violations in France. The new European Data protection law (adopted in to UK law as Data Protection Act 2018) sets out rules nd regulations for the way that personal data is collected and how people have a right to know what is collected and how it is being used and furthermore be able to see and opt out of data collection. It also imposes an Opt-out default stance which means that companies are supposed to presume you do not want them to collect or use your data, including for marketing emails unless you specifically give permission. In simple terms this means that the tick box asking if you want to be included in their marketing emails must be unticked by default until you tick it. It also means that they must keep and be able to prove for each person that they requested the communication or data retention and can opt out again as easily. It gives people the right to control over their personal data, something that was missing in Europe.

The latest fine imposed on Google is for a breach of this new law and the fact that they do not inform people correctly how they collect the data and how they are using it to serve them with advertising, something that anyone in the industry understands but now has to be explained to everyone so that they understand it. You can read more on What Google and other social media and FREE apps do with your data in our new article:

Google has recently been slapped with much larger fines, such as the $5 billion fine for anti-competitive Android practices and the $2.7 billion fine ever Google shopping, but this one is the largest to date for a GDPR breach.

To get your company, website and network checked for GDPR compliance, submit a support ticket.

EU Fines Google for GDPR breach

Stay Safe

CritchCorp Computers Ltd

Why pay for email when Gmail is free?

This is a question we are often asked:

Why should I pay for email when I can get Google Mail for Free?

There are many reasons for this; we usually don’t need to mention more than a couple before people understand the importance of paid versus free email.

Firstly, I believe that if you use email for business then it is not a good sign for your business if you use insecure free email to keep customer data. The fact that you can’t or won’t attempt to look professional and keep the basics, email, secure as possible, is a big indicator of other parts of your business where you may not have adequate standards and for many that mean potential clients will be put off. I personally will not use anyone who uses a free email address for any type of business. Using your own domain and email is not necessarily expensive and is no guarantee of anything, but it is the first hurdle and if you fail here it doesn’t matter that you have any awards for this and that and customer comments and reviews because I will not entertain the idea. This is shared by many people that I know. Remember that fraudsters generally don’t bother to use their own domain name as they need to keep costs down and be able to change at the drop of a hat, so they use free email. Most people who sign up to us with free email accounts were just fraudsters trying their luck with us, that is why we no longer accept free email account signups.

Even if you don’t use it for work or business then it’s better to have your own domain and email that you can control. Anyone can get a free email from Google and most fraudsters use Gmail or some other free email account to con people all the time, so you really will put some people off from even looking at you if your email address is a free account. I know that I will not entertain any business that uses them and one of the main reasons is below.

Read More

CritchCorp Computers Ltd completes GDPR compliance

There has been a lot of new about the new General Data Protection Regulations (GDPR) and it seems that every five minutes we are receiving a new email from someone telling us that they are now GDPR compliant and / or they need you to opt in to their mailing list, even those companies that we had long forgotten about. We at CritchCorp Computers Ltd have also undertaken this endeavour recently, carrying out many internal assessments to ensure that we are compliant with the new laws and sending out emails to everyone to ensure that they know about it and have the opportunity to opt in, as required by the new laws, to our mailing list for Alerts, News and marketing emails and updating privacy policies and the like.

We started looking in to it in a serious way a few months ago and realised that, whilst it was very similar to the UK data protection laws already in place there were some significant differences; differences that we had already been trying to incorporate in to our business anyway; that is, your data is yours – always. To this end we have never been a fan of sending mass emails because we could never really be sure that everyone receiving the emails would want them, so we didn’t. We instead used social media sites such as Twitter to send notifications to our followers that a new Alert, News article or promotion was available on our Blog. Unfortunately, the big social media sites care less about security of personal data and more about profit, so some years ago we stopped using them too. This has caused some clients to complain about the lack of communication.

The biggest part that will affect many companies and the way they do business is one of the biggest things we hate anyway. SPAM and bulk/mass mailings. We have some magnificent spam filtering technologies that we use and we offer our customers in order to keep them safe and their inboxes free of unwanted bulk emails and unsolicited emails. The new laws, which come in to effect on the 25th May 2018 will make it harder for those companies that rely on getting names and email addresses from third parties in order to send marketing emails to. Whilst some of these lists have been honestly and reliably obtained with the consent of the person giving it, most are not, they are harvested from websites and stolen emails and stolen databases which can be sold on dozens of times to other list makers who combine them together to make new lists. This means that your email can be sold on several different lists and opting out of the original list will not get you out of the multiple other lists. For any company doing business in or with the EU from 25th May 2018 they will not be able to use these list unless they can prove that they themselves have permission from the person who owns the data (that is to say the email address and name owner not the list owner). The list owner must keep a record of the permission given by the data subject and evidence. That is because personal data is personal. Your name and email address, and everything else personal about you, is your data and you own it. No one can see or even store that data without your say so, anymore. There are some obvious exclusions; for instance if you buy a domain name, then you are required to hand over your personal data, such as name, billing address, etc. This is required by the contract between you and the registrar (us) and will be shared with the registry, it can’t work without it. In the past much of this data was available online about who had bought a domain name and how to contact them, this will no longer be the case and so this brings us to a point that will be covered in a new posting soon but you need to ensure you have your domain name data up-to-date because it will become next to impossible to recover after the 25th if your data is out of date and you lose access to the recovery email or don’t know what it is. (More about that in a later article).

There are much stronger penalties for companies and individuals who break these laws, up to €10 million or 2% of global turnover, whichever is the higher. That is probably the single biggest motivator for all these companies to finally start taking your data protection seriously. We have always been an advocate of security and do our best to keep things secure. The new reporting obligations under the new laws are also scary when you look at them for the first time. For instance if the postman comes in to deliver a letter and happens to look at the screen whilst you have a customer’s details on the screen; that is a data breach and needs to be reported to the ICO. There are greater penalties under the new law and so you must keep people’s data (data subjects) safe and people have the right to have their data kept safe. If you use personal data then you must have a lawful purpose to do so and the permission of the person to use it and furthermore that permission to use it can be withdrawn at any time in the future. This does go somewhat above what is currently allowed in the law. There are also specific rules for reporting and disclosing data breeches, for example from being hacked and having your database stolen.

As a result of not using social media customers have been complaining about the lack of communication about new products, so while we were getting ready for GDPR we have revamped our website, incorporating the old blog in to it and ensuring that we have all the tools setup to inform those who want to be informed and leave those alone who don’t. we will now use the mass mailing technology that we have for sending out Alerts, News and special offers at least to point you to our News pages to read the full story or get the full details of the promo codes but now that you will defiantly only receive emails if you want them and with not using the big social media sites anymore you can be sure to get as much as you want from us and no more. You can always drop by the news pages to get informed without invitation.

GDPR gives you more freedom to have your data removed, with the right to be forgotten being the biggest amendment going in this section of the regulations, which comes from the Google case in the European courts. You have the right to have old and out of date data removed from searches in search engines such as Google, Bing, Yahoo, etc. This was of course somewhat catered for under the existing UK Data Protection Act in that all data that was held about you had to be correct and relevant and not held for longer than is necessary. If it was not correct you could have it corrected. The new GDPR should make it easier as well as extending these rights to have information you deem not relevant or damaging removed from certain places or views.

On the whole people should feel safer to get their data back and the hope is that you will not receive as much spam as you have done but the problem there is that the bad guys don’t really care about the laws (that’s why they are bad guys) and they will probably still send you emails that look like they come from someone else so you will still need to keep your guard up and check that the email you received is actually from the person it says it is from.

We made everyone, who hadn’t specifically said ‘yes’ to being on our mailing list, opt out of our mailing list so if you want to receive Alerts, News and marketing emails (which we don’t send too many of) then you need to login to your account and say yes to receiving them; remember you can always opt out again if you want to; hopefully everyone will be doing this from now on. Opt Out by default is the law from the 25th May 2018.

We are GDPR compliant.

Surf safe and stay alert, they are still watching you.

CritchCorp Computers Ltd