[GNC] GDPR and data held in GnuCash
Mike Evans
mikee at saxicola.co.uk
Tue Apr 10 09:28:59 EDT 2018
On Tue, 10 Apr 2018 13:54:16 +0100
"Maf. King" <maf at chilwell.net> wrote:
> On Tuesday, 10 April 2018 13:24:55 BST Colin Law wrote:
>
> > However I believe that any data that is required for 'contractual'
> > reasons is not covered. When one sells anything there is an implicit
> > (or explicit) contract so I assume (though I have no qualifications in
> > this area) that customer data required for invoices and so on would
> > not be covered. However if I were a business with customer data I
> > would be asking my legal guy about this.
> >
>
> That is basically what I've been advised. If you sell stuff, then you are
> able to hold invoice & delivery details for the purposes of that transaction
> (and future transactions too) Also, in the case of the invoice address, there
> is no "right to be forgotten" as it is statutory info that you have to hold
> for the tax authorities to inspect (should they wish to).
>
> What you can't do for example, is use the delivery data to send a marketing
> mailshot without prior, documented, explicit consent for that use, and even
> then, only is sofar as you have said you would in the privacy policy.
>
> IANAL, but I don't think this is an issue for GC - indeed, for many years it
> was remarkably hard to get customer details out of GC to use for other
> purposes!
>
> Maf.
>
>
Good points and now having read:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/contract/
I'm inclined to agree that this is not an issue for GnuCash.
It seems though that I need to document this as part of company policy.
Mike E
More information about the gnucash-user
mailing list