The week of 21st May 2018 will be recorded in dystopian history as the date our inboxes battled the onslaught of General Data Protection Regulation (GDPR) consent emails. The majority gave up, laid down their subject headings and faced deletion without reading. Oh the futility!
Uncertainty about the new regulations escalated daily. Companies panicked and pressed the big red ‘send GDPR consent’ button. The result? LOTS of unnecessary emails and a rapidly shrinking marketing database as users chose to ignore rather than opt-in. Ouch!
To consent, or not to consent: that is the question
Actually it isn’t. It’s just one of six lawful bases for processing. No single basis is better or more important than the others – it all depends on your purpose and relationship with the individual. Looks like a lot of people didn’t get that memo. Oops.
If consent was the legal basis used for processing data, then what you needed to have in place *before* GDPR was … yep that’s right – consent. If you didn’t have consent originally and you email a bunch of people asking them to consent, it doesn’t look good.
Things just got awkward
Companies who had prior consent but asked users to re-confirm consent may have lost a massive portion of their marketing database. Just like that. And all because they were scared of being fined and users were fed up with the volume of emails and chose to do nothing. What a waste and such a shame. Especially for smaller businesses who worked hard to grow and keep their marketing lists and may need to start again.
So is that it?
Well thankfully all the GDPR consent emails should have stopped but GDPR is more than getting opt-ins for your marketing lists. The new regulations give people more control over their personal data. There are new laws and obligations around privacy and consent and individuals will find themselves with more power to demand that companies reveal or delete the personal data they hold.
Is now the time to panic?
Absolutely not. 25th May is not the end, it’s the beginning. And that’s straight from the mouth of the Information Commissioner, Elizabeth Denham. She wrote a series of myth-busting blogs, the first of which dealt with the myth that the biggest threat to organisations from GDPR is massive fines. Not true. The ICO will not make early examples of organisations for minor infringements and maximum fines will not become the norm. Elizabeth is pretty clear about that. Check out her other blogs and put your mind at rest. Yes there’s lots of work to be done, but the ICO will help to guide, advise and educate. More carrot. Less stick.
Well for me personally, there aren’t many changes to the way I work. I founded my consultancy on the core principles of honesty, integrity and transparency, and that’s enough to succeed. We’ve never invented a role or placed a fake advert to generate leads. We’ve always disclosed client details in advance and we have never, absolutely ever, sent a CV without the express permission of the candidate.
Here it is anyway. We’ll do everything we can to protect your privacy and preserve your trust. Feel free to reach out at any time if you have any questions and, if we make additional changes, you’ll be the first to know.