IUBENDA Lifetime Deal - Get GDPR, CCPA, LGPD compliant now!

Ympker OG Content Writer
edited November 2021 in General

IUBENDA are one of the well established legal-text generators out there that allow you to make your website GDPR/CCPA/LGPD compliant. You can generate Privacy Policies, ToS and Cookie Policies in various languages and, while they usually charge you yearly, there seems to be a lifetime deal going on on Appsumo: https://appsumo.com/products/iubenda/#appsumo-plans

IUBENDA apparently integrates with just about 1600+ services, so odds are, whatever you are using on your website (Google Fonts, Google Ads, Shortpixel AI, Cloudflare, YouTube..) may already be covered.

This is especially great, because you are still entitled to updates of your legal texts if law changes ;)

Official website: https://www.iubenda.com/en/

Tagging people that might need this: @bikegremlin @vyas @Chievo Could save you guys some bucks as you could just edit/update your privacy policy and other legal texts with a couple of clicks ;)

Thanked by (2)vyas bikegremlin

Comments

  • Is it worth it?

    https://duck.com (aff)
    https://ecosia.org (aff) Plant trees from home.
    "If you are not paying for a product then you are the product."

  • Ympker OG Content Writer
    edited November 2021

    @g4m3r said:
    Is it worth it?

    I haven't used them myself, because I use another service for that purpose. They do offer translations to various languages which is why I figured the offer might be interesting to some people here.

    What I can say, in general, is that after having been a Web Designer for many years now, never have there been so many new regulations popping up one after another. There are so many things you need to take into account these days when building a website that you basically have to use one of those (paid/freemium) legal-text service providers. Usually, for a monthly/yearly sub, you get to generate your privacy policy and imprint to comply with GDPR etc., along with automatic updates if law changes. You could also hire a lawyer, but that usually doesn't include automatic updates (or it is way more expensive) so I usually direct my clients to IT-Recht Kanzlei (from Germany) these days. They charge about 5€/mo to make your website GDPR compliant in terms of imprint&privacy policy. There are also free generators but most are lacking or hiding essential/important clauses behind a paywall (e.g. if you use YouTube on your website, or Cloudflare, Stackpath...).

    Regardless of what solution you pick, I'd definitely get one of those legal-text generator services/or consult a lawyer if you are building a website in 2021 and you are living within Europe (esp. Germany).

    Thanked by (1)bikegremlin
  • I don't like they're hosting my documents. Overall good offer though, especially with the available translations.

    Thanked by (1)Ympker
  • Ympker OG Content Writer
    edited November 2021

    @webcraft said:
    I don't like they're hosting my documents. Overall good offer though, especially with the available translations.

    Unfortunately, that is the case with most of these services. If by Hosting your documents you mean that they are storing them on their servers. If you only mean you don't want to embed the legal texts via a short-code by them but rather paste the thing as plain text/PDF, most of these services let you copy the texts once they have been generated. Usually, it makes more sense to embed them via their code or plugin (e.g. some providers have WordPress plugins) if you want updates to be automatically applied, though. You could, of course, also consult a local lawyer. That's, however, likely more expensive and usually a one-off thing. With laws/rules ever changing you'd probably need something more adaptive, though. Rather than the lawyer re-drafting/adjusting your terms every year for quite a lot of money, that's where legal-smart providers come in (like e.g. Iubenda).

    Thanked by (1)webcraft
  • Yeah I know a few companies here that are considering that offer. Anyway: you need to create a brand-new iubenda account (you can't upgrade nor use those codes on existing "regular" accounts)
    iubenda is pretty famous, at least locally.

    Thanked by (1)Ympker
  • edited November 2021

    @Ympker said:

    @webcraft said:
    I don't like they're hosting my documents. Overall good offer though, especially with the available translations.

    Unfortunately, that is the case with most of these services. If by Hosting your documents you mean that they are storing them on their servers. If you only mean you don't want to embed the legal texts via a short-code by them but rather paste the thing as plain text/PDF, most of these services let you copy the texts once they have been generated. Usually, it makes more sense to embed them via their code or plugin (e.g. some providers have WordPress plugins) if you want updates to be automatically applied, though.

    Yes, auto updates is pretty comfortable but quite a few users have NoScript or such installed and then it won't load for them. It might be none of my business if they suppress it by their setup, however, it comes to requests which would make me nervous.

    Thanked by (1)Ympker
  • Ympker OG Content Writer
    edited November 2021

    @webcraft said:

    @Ympker said:

    @webcraft said:
    I don't like they're hosting my documents. Overall good offer though, especially with the available translations.

    Unfortunately, that is the case with most of these services. If by Hosting your documents you mean that they are storing them on their servers. If you only mean you don't want to embed the legal texts via a short-code by them but rather paste the thing as plain text/PDF, most of these services let you copy the texts once they have been generated. Usually, it makes more sense to embed them via their code or plugin (e.g. some providers have WordPress plugins) if you want updates to be automatically applied, though.

    Yes, auto updates is pretty comfortable but quite a few users have NoScript or such installed and then it won't load for them. It might be none of my business if they suppress it by their setup, however, it comes to requests which would make me nervous.

    I edited my reply above but tl;dr: Most of these legal-smart providers let you choose whether you want to use their integration, or you just want to copy the text in a Word document and make it a pdf, or copy the plain text to your website manually etc. In that case, any updates are usually only applied in your user area at the legal-smart provider and you'd need to (ideally every x months) check for updates and/or just re-paste the legal texts to make sure they are up to date. Their integration just makes it more convenient.

    As for cookie banners: Those you probably need to embed, though.

    Edit:
    Their site scanner seems pretty cool, too: https://www.iubenda.com/en/help/19004-how-to-use-the-site-scanner-from-within-the-generator

  • vyas OG Content Writer

    You just gave me an idea @Ympker

    Government of India recently adopted some new data privacy laws. I might have to create something anyways. In local context…

    Thanked by (1)Ympker
  • Please note that Iubenda considers "Internal Privacy Management" something not usually included in smaller plans, and it's allegedly required for GDPR compliance.

    https://www.iubenda.com/en/help#heading-eutoolbox

    The "Internal Privacy Management" "toolbox" isn't included usually not even in their "PRO" packages, and that's +$39/mo if you want to purchase it as a "stand-alone" product.
    The "Internal Privacy Management" toolbox is included only in their top-tier bundle, that is, the $177.00 one (usually marketed at $1500)(for real)
    So you should buy the largest bundle (if any at all) for actual compliance. Otherwise complianz or cookiebot or something else could be more suitable for you, since (AFAIK) they always consider this "package" as included

    They're constantly up-to-date with current EU legislation (with an emphasis on Italian peculiarities, probably) and most agencies have bronze (or better) partnership with them, just to be sure they're compliant and be done with it

    Thanked by (3)g4m3r bikegremlin Ympker
  • @mfs said: The "Internal Privacy Management" "toolbox" isn't included usually not even in their "PRO" packages

    I had a doubt about this and double checked with someone who's using them... the main issue is that their "standard" PRO licenses don't have a "Record of Consent", included in tools like Cookiebot or Complianz; you need to upgrade the licence to at least 50k pageviews in order to have a "free" "Record of Consent" in iubenda (they call it "Cookie Preference Log")

    The "Internal Privacy Management" is a tool they constantly pitch and consider absolutely necessary if you're dealing with input/orders from customers whenever you don't have a DPO in your organization

    So,

    ERRATA CORRIGE

    The "Single plan" on Appsumo is actually a 5-licence plan and it includes 50k pageviews, so it won't arguably need an add-on for the "Cookie Preference Log"; and if you don't take inputs from your visitors (e.g. e-commerce) you may not need the "Internal management" thing

    TL;DR just pretend you're not from Europe if someone knocks at your door

    Thanked by (3)g4m3r bikegremlin Ympker
  • This service is a good idea but perhaps too expensive to resell.

    Thanked by (1)Ympker
  • Ympker OG Content Writer
    edited November 2021

    @mfs said:

    @mfs said: The "Internal Privacy Management" "toolbox" isn't included usually not even in their "PRO" packages

    I had a doubt about this and double checked with someone who's using them... the main issue is that their "standard" PRO licenses don't have a "Record of Consent", included in tools like Cookiebot or Complianz; you need to upgrade the licence to at least 50k pageviews in order to have a "free" "Record of Consent" in iubenda (they call it "Cookie Preference Log")

    The "Internal Privacy Management" is a tool they constantly pitch and consider absolutely necessary if you're dealing with input/orders from customers whenever you don't have a DPO in your organization

    So,

    ERRATA CORRIGE

    The "Single plan" on Appsumo is actually a 5-licence plan and it includes 50k pageviews, so it won't arguably need an add-on for the "Cookie Preference Log"; and if you don't take inputs from your visitors (e.g. e-commerce) you may not need the "Internal management" thing

    TL;DR just pretend you're not from Europe if someone knocks at your door

    Thanks for clarifying! Very good to know this.
    Still: If you don't want an AIO solution, couldn't you just generate imprint+privacy policy with Iubenda's smallest plan on appsumo and use smth like Cookiebot/Consentmanager/Complianz as a cookie solution? You are not forced to use Iubenda for that, right? Of course, it might make sense to have an AIO solution, but e.g. IT-Recht Kanzlei also only offer the legal texts and refer to Consentmanager and other Cookie Compliance tools for cookies. The free plan of Consentmanager has served me well so far.

    @vyas said:
    You just gave me an idea @Ympker

    Government of India recently adopted some new data privacy laws. I might have to create something anyways. In local context…

    You are welcome, mate! Legal-Smart solutions are like a gold mine these days. At least in Germany, where we have companies with "Abmahnanwälten" who are lawyers specialized in automatically scraping website's legal texts for breaches in GDPR/imprint/legal texts and then sue them for the "fun" of it.

  • awesome offer, thanks for posting. sad that you'd need to create a new account and essentially with that would need to set everything up from scratch. service is prem anyway.

    Thanked by (1)Ympker
  • vyas OG Content Writer
    edited November 2021

    @Ympker said:

    You are welcome, mate! Legal-Smart solutions are like a gold mine these days. At least in Germany, where we have companies with "Abmahnanwälten" who are lawyers specialized in automatically scraping website's legal texts for breaches in GDPR/imprint/legal texts and then sue them for the "fun" of it.

    I hear Lawyers suing corporate sites in US for non compliance with accessibility standards under ADA (Americans with Disabilities Act) is also big business.

    tl; dr


    I was going to publish privacy policy in हिंदी ..... that is what struck me I should do when I read your post.
    Thanked by (1)Ympker
  • Ympker OG Content Writer
    edited November 2021

    @Falzo said:
    awesome offer, thanks for posting. sad that you'd need to create a new account and essentially with that would need to set everything up from scratch. service is prem anyway.

    So you have tried them, then? Could you elaborate a bit for what you used them in particular and what stood out to you?

  • @Ympker said:

    @Falzo said:
    awesome offer, thanks for posting. sad that you'd need to create a new account and essentially with that would need to set everything up from scratch. service is prem anyway.

    So you have tried them, then? Could you elaborate a bit for what you used it in particular and what stood out to you?

    with my (former) company we picked iubenda when GDPR was about to get serious and are using it ever since for an automatically generated privacy policy, cookie solution with blocking prior consent, also in-app eula stuff... it just works and you don't need to worry about updating shit. only if you add new integrations, tracking, whatever to your page you might need to add the related modules within the iubenda dashboard.

    haven't used it in connection with wordpress or the likes though, the company page is within hubspot. the pro lifetime plan is f*cking cheap compared to the recurring subscription costs for the same things (I think it's about 600-800 yearly or so)

    gonna forward that offer, probably worth setting up everything again, even if it has to be a new account.

    Thanked by (2)Ympker mfs
  • Ympker OG Content Writer

    @Falzo said:

    @Ympker said:

    @Falzo said:
    awesome offer, thanks for posting. sad that you'd need to create a new account and essentially with that would need to set everything up from scratch. service is prem anyway.

    So you have tried them, then? Could you elaborate a bit for what you used it in particular and what stood out to you?

    with my (former) company we picked iubenda when GDPR was about to get serious and are using it ever since for an automatically generated privacy policy, cookie solution with blocking prior consent, also in-app eula stuff... it just works and you don't need to worry about updating shit. only if you add new integrations, tracking, whatever to your page you might need to add the related modules within the iubenda dashboard.

    haven't used it in connection with wordpress or the likes though, the company page is within hubspot. the pro lifetime plan is f*cking cheap compared to the recurring subscription costs for the same things (I think it's about 600-800 yearly or so)

    gonna forward that offer, probably worth setting up everything again, even if it has to be a new account.

    Thanks! That sounds great and at that price seems to really be a steal considering that most other (proper) legal-smart solutions charge you way more😅

  • Thanks for the info @Ympker - I'll pass it for now though. :(

    Rant:

    Decided to not spend any more time nor any money on that lawyer/bureaucrat induced nonsense until I'm forced to.
    Running with free solutions - Google's own (unlimited and not run on my server) for my websites, and the free CookieYes WP plugin for my webshop (since it doesn't use AdSense).

    On paper that looks OK. The rest doesn't matter anyway.

    According to analytics, over the past months, only I visited my websites' privacy policy pages! :)

    For any clients - I suggest they pay for lawyers to write the policy (since it doesn't have much to do with the technical stuff anyway, not really) and get a solution the GDPR lawyers/"experts" recommend.

    Thanked by (1)Ympker

    BikeGremlin
    Mostly harmless ™

  • Ympker OG Content Writer
    edited November 2021

    @bikegremlin said:
    Thanks for the info @Ympker - I'll pass it for now though. :(

    Rant:

    Decided to not spend any more time nor any money on that lawyer/bureaucrat induced nonsense until I'm forced to.
    Running with free solutions - Google's own (unlimited and not run on my server) for my websites, and the free CookieYes WP plugin for my webshop (since it doesn't use AdSense).

    On paper that looks OK. The rest doesn't matter anyway.

    According to analytics, over the past months, only I visited my websites' privacy policy pages! :)

    For any clients - I suggest they pay for lawyers to write the policy (since it doesn't have much to do with the technical stuff anyway, not really) and get a solution the GDPR lawyers/"experts" recommend.

    Totally understand where you are coming from. I get it. It's annoying. Nobody likes cookie banners. Nobody reads Privacy Policies except competitors and lawyers who want to sue you. In Germany it's a bit more intense, though. So this seems like a good AIO deal tbh. Setup and forget. No recurring fees. Multilingual. I just skimmed your Privacy Policy and (no offense at all) think it is likely missing some key points from GDPR. Ofc, that's entirely your call and you probably know best how things are run in your country. Just be careful. Especially with sites that are somewhat commercial (like your blog) I'd be extra careful. Again, your call ;)

    Edit: With @Falzo vouching for them and being a LTD hoarder at heart, I just purchased 3 codes. If it all works out this solution is better and more economical than what I am using right now. Thanks @Falzo and also @mfs for your feedback regarding Iubenda. Here we go: My first BF/CM deal this year! ;)

    Thanked by (2)bikegremlin mfs
  • edited November 2021

    Services like this do NOT make you GDPR compliant. There is a lot more to it.
    You can use the following checklist: https://gdpr.eu/checklist/

    Data processing agreements between your organization and third parties are one of the very important steps.

    The funny part is that nearly none of the US providers that offer VPS's in the EU have a standard DPA for their customers. If this doesn't change, there will be issued a lot of fines and data processing bans, when the preliminary trials have set a precedent for the sentence for the offenses.

    Temporary or permanent data processing ban =

    Thanked by (4)Falzo Ympker webcraft g4m3r
  • Did anybody of you buy this and can tell if it's worth it? Just had a look at their free texts and they seem less professional than those of certain free generators. At least for German and French language.

  • mfs OG
    edited November 2021

    @frog said: Services like this do NOT make you GDPR compliant.

    Yeah, sadly there's no "official checklist" (AFAIK) just some tools (either sponsored by companies or legal firm) trying to ELI5 the whole subject

    I have seen a number of businesses that have expressly required a DPA between their DPO and the agency or internet service provider (from the mail provider to the website hosting agency to the mailing list agent), especially in sectors where highly sensitive data are handled (e.g. health data, or worse, financial data); this should be of particular value where an insurance against disastrous events such as data loss or hacking is required.
    So, not so much to protect the consumer or the citizen, but rather for... insurance purposes, some bodies/organisations require the service provider to be based in Europe and to establish a DPA.

    In summary, the DPO seems the "sacrificial victim" if and when something goes (terribly) wrong. She or he needs a legal background as well as an IT background and... few want to do it...
    At the end of the day, however, if you're not Google, or Amazon, or the like, there will hardly ever be any repercussions ... so I think that in 99.99% of cases even a static compilation of a cookie policy is fine, no one will check if you actually keep a record of consents, always to be expressed in advance, and to be kept in pseudonymous form...

    At least I believe nobody will check until the company or the service provider suffers the theft of some database and, above all, this theft becomes of public domain... then the DPO is taken and a big pyre is made, according to the ancient customs. But these are cases of a magnitude and gravity, both in terms of the size of the companies involved and of the 'lost' data, which should not however impose beforehand budget problems for DPO, Cookie Policy, Internal Management, Record of Consent, and all that jazz.

    @webcraft said: At least for German and French language.

    I'm sure you can find some "actual texts" in various languages actually in use on the websites listed in their partners directory (includes legal firms and agencies from DE, CH, US, BR, NL..)

    Thanked by (1)Ympker
  • Ympker OG Content Writer

    @webcraft said:
    Did anybody of you buy this and can tell if it's worth it? Just had a look at their free texts and they seem less professional than those of certain free generators. At least for German and French language.

    I bought three codes, but didn't get around to testing them yet. @Falzo might know a bit more about this.

  • @Ympker said: I bought three codes

    An agency here has bought two more codes and will be migrating a multisite (IT/EN/DE/FR) from Cookiebot to Iubenda next week... 1 license per language
    Will ask if I can post their customer here for reference :-)

    Thanked by (1)Ympker
  • edited November 2021

    @mfs said:
    At the end of the day, however, if you're not Google, or Amazon, or the like, there will hardly ever be any repercussions ... so I think that in 99.99% of cases even a static compilation of a cookie policy is fine, no one will check if you actually keep a record of consents, always to be expressed in advance, and to be kept in pseudonymous form...

    At least I believe nobody will check until the company or the service provider suffers the theft of some database and, above all, this theft becomes of public domain...

    The above isn't correct.

    It is correct that a one-man-band most likely will get a warning, but the first preliminary trials in Denmark are against normal-sized companies.

    You can translate the following with Google translate. The company had old customer data in an old ERP system. They got a $15,000 fine.
    https://www.bechbruun.com/en/reference/2021/bech-bruun-frer-frste-retssag-om-overtrdelse-af-gdpr

    We have all seen hosting customers with PMS use a ridiculous amount of time on shitposting and (fake) chargebacks.

    Reporting a company to the authorities is free, and the authorities will investigate some of the companies with multiple complaints.

    Edit: link changed to English version.

    Thanked by (1)mfs
  • How does it work with their "licenses"? Can I use two and sell the other three on eBay?

  • @frog said: The above isn't correct.

    Well, thank you for your perspective.
    Every proceeding here is, afaik, against not-so-normal-sized companies and happens when shit hits the fan. We are mixing Cookie Law and GDPR a little bit maybe, they overlap but... the link you're proposing seems about customer data retention beyond mandated storage limits.
    I have yet to learn about a random "inspection" from the Garante about the "proper compliance" according to the "Cookies Law" just for the sake of it; you're quoting me on that (well the context was DPA/DPO and maybe it wasn't totally clear but I was talking about Cookie's Law in that excerpt).
    The verification of the proper keeping of a 'cookie preference register', or log, is unlikely to take place in the absence of an obvious breach of other rules related perhaps to the GDPR, such as the obvious lack of a DPO in charge when required, or when a leak happens. In Italy, the "Cookie preference log" isn't even strictly enforced yet, it will allegedly be a requirement on 10 Jan 2022.
    Now, if there's a proceeding about GDPR violations there's a good chance the Authority will check if you're correctly warning your users about your cookies and your trackers while they're at it... The very same "Internal privacy management" thing in iubenda isn't arguably necessary if you aren't an e-commerce or otherwise storing sensitive data inserted by your users, at the same time it won't give compliance to GDPR and whatnot; it's just a tool to assist the DPO in their duties and strictly speaking it goes beyond the scope of the Cookie Law(s)
    Cookie Law and GDPR overlap a little on the "Record of Consent" thing. At least in Italy, the "Cookie preference log" aka "Record of Consent" has been pitched as a corrective to the Cookie law in order to be respectful of the same principles expressed elsewhere by the GDPR itself on the subject of personal data entered by the user. It is also why in a previous post I briefly confused and then corrected the "Internal Privacy Management" (a tool intended to assist for the GDPR, yet not giving per se GDPR compliance) with the "Cookie preference log" (a tool intended to assist for the Cookie Law and intended to give compliance with some national authorities).
    Iubenda summarizes this here:

    Records of consent

    While the Cookie Law does not explicitly require that records of consent be kept (just proof) in most cases cookies do process personal data, which is why the record-keeping requirements stemming from the GDPR may apply. Many Data Protection Authorities across the EU have therefore aligned their cookie and tracker rules to GDPR requirements.

    And also:

    On July 10th, 2021, the Italian Data Protection Authority (“Garante Privacy”) approved new guidelines for cookie usage.
    [...]
    Proof of consent: you need to prove that you have obtained valid consent according to the standards of the GDPR.
    [...]
    The deadline for compliance is January 10th, 2022.

    Again: this is about "Cookie Law" compliance, not just GDPR compliance in general. The Garante's guidelines are here, sadly the English version seems removed. The relevant bits are at the end (emphasis added, translation my own):

    [...]
    The Authority also points out that the re-presentation of the banner at each new access for the request for consent to users who have previously denied it is not justified by legal obligations and is a redundant and invasive measure. The user's choice, therefore, should be duly recorded and no longer requested, unless

    • the conditions of processing change significantly;
    • it is impossible to know whether a cookie is already stored in the device;
    • at least 6 months have elapsed.
      The right of users to revoke their consent at any time remains unaffected.

    The Garante hopes that a universally accepted codification of cookies, which is currently lacking, will soon be in place to objectively distinguish technical cookies from analytics or profiling cookies. Pending the achievement of this objective, the Garante calls on publishers to disclose in their information notice at least the criteria used by each publisher to encode the trackers.

    Site owners will have six months to comply with the principles contained in the Guidelines.

    Rome, 10 July 2021

    Again: this is about "Cookie Law" compliance, not just GDPR compliance in general.

    About actual cases in front of the national Authority
    The cases for a proceeding in front of the Garante here seem to stem from gross violations, e.g. "no DPO has been designated even if required by law" or "your whole database now belongs to Putin"
    In Italy actions of the Garante in the last months have been against TIM, Sky Italia s.r.l, Moneycontroller s.r.l, Intesa San Paolo S.p.A., a Minister itself for failure to designate a DPO as required in a public organization (....) , Facebook Ireland Ltd & Facebook Italy s.r.l. ... and so on. No readily available version of these documents seems to exist in English on garanteprivacy.it , sorry (they recently migrated the site and it seems the ENG and even some DEU translations got lost in the process)
    During these proceedings the "Cookie Law" violations are usually "absorbed". I'm not aware of a single fine or proceeding for a "Cookie Law" violation per se since 2015, with very few notable exceptions.
    AFAIK the only cases here across Europe are quite... big. The French Commission Nationale de l’Informatique et des Libertés (CNIL) has fined on the basis of the "Cookie Law" alone, and yet again, they fined... Google and Amazon. Here the proceeding (in French)
    I believe that's also why in Europe Google started seriously nagging the user about their Cookie preferences, if the user routinely deletes their cookies.
    Spain's AEPD condemned Vueling in 2019 for lack of Cookie compliance, anyway the final fine was just 18k (and it was Vueling); it was more or less concomitant with C-673/17

    About customer data retention
    We have cases of smaller companies actively asking the Garante to extend the data retention period of data pertaining their customers "for marketing purposes", the Garante may agree for an extension and usually it's said that at the end of the extension the data has to always be either deleted or anonymized.

    The fact that somewhere in EU a seemingly normal-sized company using an "old ERP system" gets actually fined for not deleting unused yet unbreached and undisclosed old data, for this fact alone, and all of this is possibly starting from PMS... well it's pretty interesting.

    @frog said: Reporting a company to the authorities is free,

    Here you're forced to use PEC if you don't want to do that personally or via registered mail with return receipt, I'd say it would be generally perceived to be quite a hassle. No "anonymous tips"; in general I believe most PMSers would just yell at the phone about the morality of someone's ancestors rather than snitching about something that may or may not happen on some 5+ yo database, this attitude may have helped reducing the chances for a proceeding to actually start

    Final words: the pitch "GET GDPR, CCPA, LGPD compliant" in OP's title is probably... just a pitch, even if it's mirrored on the site of a iubenda legal partner (in Texas); iubenda may give tools (and it's eventually made clear on this partner website) for EU Cookie Law compliance and Record of Consent according to GDPR, but if you really are serious about GDPR, you need a DPO with legal background and/or law counselling.

    Thanked by (1)frog
  • BikeGremlin
    Mostly harmless ™

  • Apropos GDPR:
    in order to work (even from remote!) I have to exhibit a QR attesting my EU Covid Certificate, and $employer cannot store my EU Covid Certificate status unless I explicitly allow them to store the cert for the whole duration of its validity. If I follow this route $employer isn't required to constantly check if I still possess a valid EU Covid Certificate every single day. In theory $employer at the end of every day should just do the following

    and then check again the (stored) certificate the following day until its expiration.
    It goes without saying that it's not what happens... storing the QR seems generally considered too spicy (health data, no discrimination rules among different ways to obtain the cert) so the expiration is added to the badge and in the company's db. Then the DPO has to perform a DPIA, add some clauses, remember everyone that they can revoke the consent anytime and immediately neuralyze $employer, and so on and so forth.
    In the meanwhile $employer informally knows exactly who has the certificate, how it has been obtained and when, and all this is a legalese circus; even more since you are automatically suspended without a Cert and well, that's something $employer has to plan and consider.

    Thanked by (3)Falzo Ympker bikegremlin
  • @mfs said:

    @frog said: Reporting a company to the authorities is free,

    Here you're forced to use PEC if you don't want to do that personally or via registered mail with return receipt, I'd say it would be generally perceived to be quite a hassle. No "anonymous tips"; in general I believe most PMSers would just yell at the phone about the morality of someone's ancestors rather than snitching about something that may or may not happen on some 5+ yo database, this attitude may have helped reducing the chances for a proceeding to actually start

    It is easy to file a complaint in Denmark. All you have to do is to fill out a form or send an email. You can't do it anonymously, but it only takes a couple of minutes.
    https://www.datatilsynet.dk/english/file-a-complaint

    Thanked by (1)mfs