Well it’s GDPR week, so I thought I’d do one final GDPR blog. If you’re anything like me, you’ve been getting a flurry of emails from companies asking you to opt in, update your details, read their privacy policy or simply do nothing. It appears the mad panic is on, to get everything place for the end of the week.
Many of the big players including Tesco and Marks and Spencer have been emailing over the last 7 days and they are not looking to re-consent. Does this mean that they already consent, they’re not processing our data based on consent or that they’ve got it wrong?
The answer could be any one of these. We simply don’t know and by following the likes of Tesco you may be basing your own GDPR activity on a scenario that doesn’t mirror yours.
However, I can totally understand why you would. There’s so much advice out there, finer details of the regulations have emerged late in the day and even the lawyers say some things are open to interpretation.
I’m a member of a group of about 10k people talking about GDPR on Facebook and it’s amazing how the interpretation of rules varies across the group. Even the ICO latest blog on consent refers to lots of scaremongering and the need to review if you really need to get fresh consent. It’s no wonder people are confused and concerned about what they should be doing.
So what path should we take and what if it’s the wrong one?
Well I’ve definitely advised my clients to take action. To the best of our combined knowledge, following assessments of their processes, we’ve agreed what we think we should be doing. Having working with a number of my clients on GDPR, I’ve found that we need to take a different approach for each one of them.
In my view, reviewing your data and the processes you use has to be a good 1st step and one that everyone can take. But rushing in to sending out an email to your entire base, because everyone else appears to be doing something, is not the way forward. It might not be the right thing for your organisation and may lose you customers, because they either don’t opt back in or are confused by your messages.
One thing you can be sure of is if you hide and do nothing, the chances are you won’t be compliant. And whilst the ICO will be busy targeting larger organisations who are not complying, all it takes is for one complaint about you to find yourself on the ICO’s radar. However, they’ve been clear that they want to support people and will work to help prevent as opposed to punish.
“So yes, this regulator will have teeth. But I prefer the bark to the bite and my office is committed to prevention over punishment.”
So whether it's safe to come out into the open or not, you still have time to think about what’s right for you and do something. Just take action!