Well, it’s finally here… after all the scaremongering and panic, GDPR day has arrived. And so far, I’m pleased to say the sky has not fallen in and the world has not stopped turning!
The hype hit its peak this week when GDPR was the most popular search term on Google, overtaking Beyonce in search volume.
So where do we go from here and what happens now…
Will the ‘keep in touch’ emails continue?
Contrary to popular belief, businesses are not required to automatically refresh all existing consents to conform with GDPR. There are six legal grounds under the GDPR you can rely on to process personal data: consent, performance of a contract, legal obligation, vital interests, public interest and legitimate interests.
The lack of understanding around when and why consent is needed under GDPR has prompted the Information Commissioner’s Office to comment on some of the “myths” of GDPR.
“We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them,” Steve Wood, the deputy information commissioner, wrote in guidance for businesses. “So think about whether you actually need to refresh consent before you send that email, and don’t forget to put in place mechanisms for people to withdraw their consent easily.”
What if you haven’t updated your Data Protection Policies by 25th May?
Don’t worry! “There is no need for panic,” a spokesperson for the ICO said. “May 25 is not a deadline – it’s the beginning and we’d expect organisations to continue to assess and review their policies and procedures from now on.”
So if you haven’t started, you may want to think about doing so promptly. The information commissioner, Elizabeth Denham, says companies working towards getting their systems sorted for GDPR won’t be punished as harshly as those that haven’t shown any awareness of the law or don’t already have a data protection policy in place.
What about the fines?
It’s no surprise that panic has been created around the fines which can be enforced under GDPR. However, the ICO has called it “scaremongering” to say it will be issuing massive fines in anything but the most severe of cases. Claims that fines issued under GDPR would be 79 times higher than under the UK’s previous data protection laws are very unlikely to come true.
What would Beyonce say??
To paraphrase a well-known verse from Queen Bae, “If you liked it, then you should have put a tick on it.”
If you are an individual and you want to continue receiving emails from companies marketing to you, then you need to opt in to continue receiving those emails. If you don’t, then don’t respond.
You may also need to update your privacy settings on certain social media sites.
For businesses, make sure you have updated your privacy policy, reviewed your data and know why you hold it, for how long and for what purpose.
Also, do you have procedures in place to deal with any subject access requests you may receive?
If you require help with any of the above, get in touch with our commercial team. We will be happy to help.