ChatterBank9 mins ago
G.d.p.r. - Can Anyone Help?
I am selling, on behalf of a charity, used Postcards and First Day Covers. Many of these items have a name and address on them.
Recently someone mentioned GDPR and I have little knowledge about the law regarding personal information.
The items that I have been working on lately have been over a hundred years old and I feel that we had no problem with these items.
But what about more recent information? 1984?
These items have been donated to us with the person knowing that they will be resold.
My main concern is that to display them for sale online I scan the item on both sides. Is this a problem?
Our charity is not able to help.
Help! 😁
Answers
No best answer has yet been selected by wolf63. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.GDPR only applies to the 'processing' of personal data, with 'processing' being defined thus:
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
It's hard to see how simply possessing some postcards which happen to have some people's addresses on (many/most of which won't be where they currently live anyway) can be classed as 'processing' their personal data. I wouldn't be worried about it myself.
However, if you want to obscure the names and addresses on the images of cards which you're uploading to your online sales portal, it's very easy to do with a program such as Irfanview:
https:/
Simply open your image in Irfanview and go to Image > Effects > Pixelise.
Then go to File > Save (original folder) and click 'Save', accepting the option to overwrite the original file. (If you don't want to overwrite that file, use File > Save As instead)
PS: As an analogy, Royal Mail has millions of postcards, letters and parcels passing through its systems every day, with many of them having individual people's names and addresses on.
However they're clearly not 'processing' that data in any way and therefore GDPR isn't relevant. The postcards passing through your system are in much the same position.
The GDPR do apply to Royal Mail.
"Royal Mail Group’s role as a data controller
Royal Mail Group does not process personal data inside the letters and parcels it handles. Where we process personal data for the purposes of sorting, tracking and delivering mail or parcels (including where an organisation provides us with ‘pre-advice’ for delivery purposes) we are the data controller. We are registered as a Data Controller with the ICO, under registration: Z5374624."
There is the Information Commissioner's Office (ICO) and you can 'phone them or use the live chat facility online for advice and the details are here,
https:/