| I'm sorry, but this comment reads like something written by an academic with no real world experience of data protection issues and running businesses at all. You should be able to provide this from a SQL query. Please tell us all what that query should be, then, and how it's going to cover the relevant data stored in log files, emails, remote services used for payment processing, off-site backups, etc. That's just a very minimal set of other places that almost any new online business is likely to be working with on day one. Data Classification Plan Asset Inventory Plan Privacy Impact Analysis Privacy Impact Assessment Access Control Plan Data Retention Plan Data Collection Plan Breach Escalation Plan You're suggesting that in order to handle this kind of request -- which none of my businesses has ever received from anyone in many years of trading -- we should write up 8 different formal policies? These businesses probably don't have 8 different formal written policies in total at the moment. This is just totally detached from the realities of running small businesses, though it does reinforce my point about disproportionate burdens. [The parent comment appears to have been edited after I wrote this. The terms above were in the original.] |
I wasn’t finished writing.
>we should write up 8 different formal policies?
Yes. That’s obvious.