Whilst I agree that the haughty approach by HQRAFAC is not appropriate, i suspect that there is a huge worry about not too much, with associated unnecessary lower garment twisting!
As a UK registered organisation, as far as I’m aware, we’re answerable to the UK Information Commissioner’s Office (ICO). Even if issues materialise, it won’t necessarily be the end of the world. In 2017 the ICO processed 17,300 complaints and issued only 16 fines. That won’t change under GDPR as the Commissioner herself explains here.
The “definition” of personal data seems to get distorted too; ICO outline it here (use the Questions 1 - 8 to see what might, or might not, fit). Very generally, processed or collected / filing system data is what will always count.
We shall see I suppose.
They don’rt need bank details as they can send us cheques, which as I understand is how money used to get paid.
They can send stuff out by post, which would mean that things would have to be planned properly and we get decent lead times for activities. Email would work better if we could scan and email things, rather than print the things they send or put on sharepoint, sign and stick in an envelope.
No, they could implement a clearly ridiculous system instead - but it does rather depend on how you define “need”. I think that everyone pretty much else on the planet agrees that they need your bank details in order to pay you.
I mean I’d say that my car “needs” petrol. I could of course push it, or have it pulled by a horse, or re-fit it with a steam engine, but these would be quite silly.
i’ve been contacted by 3 companies who i am on a email newsletter today already - seems the 1st May is the date to start for some companies to get inline!