[News] Drowning under GDPR emails

[WATFORD zero]

excuse an old luddite but how do you do that?

Put it in a pdf (sorry, [MENTION=1365]Westdene Seagull[/MENTION] )

 

[Screaming J]

I suspect hitony's company is the victim of some over cautious legal advice. I accept this does not help his situation but I doubt what the lawyers are suggesting is necessary.

It's all about taking 'reasonable' steps as far as I can see and if you need to forward Florrie Blennerhasset's details on to someone doing work on your behalf that's probably reasonable. What wouldn't be reasonable is if the company you forwarded it on to then used it to bombard the aforementioned Florrie with loads of junk email or whatever. But surely that is their responsibility, or one sorted out between hitony's company and the third party, not Florrie.

 

[timbha]

Well thanks for that, I really am still none the wiser. Are you a politician.

it's about how organisations collect, manage, store, use, delete, etc the data they collect about living individuals. The regulations come into force on 25th May and carry heavy penalties for non Compliance. It's a EU thingy.

 

[timbha]

I suspect hitony's company is the victim of some over cautious legal advice. I accept this does not help his situation but I doubt what the lawyers are suggesting is necessary.

It's all about taking 'reasonable' steps as far as I can see and if you need to forward Florrie Blennerhasset's details on to someone doing work on your behalf that's probably reasonable. What wouldn't be reasonable is if the company you forwarded it on to then used it to bombard the aforementioned Florrie with loads of junk email or whatever. But surely that is their responsibility, or one sorted out between hitony's company and the third party, not Florrie.

Florrie

in this case Florrie should have been told, and agreed to her details being passed to sub contractors (who have their own dp T&Cs) to enable them to perform the work

 

[Herr Tubthumper]

Put it in a pdf (sorry, [MENTION=1365]Westdene Seagull[/MENTION] )

 

[Screaming J]

Florrie

in this case Florrie should have been told, and agreed to her details being passed to sub contractors (who have their own dp T&Cs) to enable them to perform the work

In which case you put in some tenancy agreement (or whatever) - that you have with Florrie - that she - by signing this agreement - agrees that her details can be passed on to sub contractors who need to look at her pipes (or whatever). Then you agree with the subcontractors that they must not use Florrie's details for any other purposes. You surely don't need to go through this rigmarole every time the good lady's pipes need examination.

 

[Gazwag]

We have been told today that as of next Monday every email we send must be encrypted and the client will need to either obtain a pin code every time or sign into an account to un encrypt the email.

Going to be an absolute nightmare.

 

[timbha]

In which case you put in some tenancy agreement (or whatever) - that you have with Florrie - that she - by signing this agreement - agrees that her details can be passed on to sub contractors who need to look at her pipes (or whatever). Then you agree with the subcontractors that they must not use Florrie's details for any other purposes. You surely don't need to go through this rigmarole every time the good lady's pipes need examination.

agreed

 

[Dolph Ins]

it's about how organisations collect, manage, store, use, delete, etc the data they collect about living individuals. The regulations come into force on 25th May and carry heavy penalties for non Compliance. It's a EU thingy.

Thanks. You obviously aren't a politician.

 

[timbha]

We have been told today that as of next Monday every email we send must be encrypted and the client will need to either obtain a pin code every time or sign into an account to un encrypt the email.

Going to be an absolute nightmare.

every email? even email's containing no personal info? what about an email to the Mrs saying you're gonna be late (or perhaps "NORWICH"!!!)

 

[beorhthelm]

I don't know what you do for a living or who you work for, but my company do EVERYTHING in a "Belt & Braces" fashion

what you described isnt belts and braces, it cocked eyed and counter productive. the premise is you need consent - thats all. by raising a letter to do so it doesnt change anything just make for a more convoluted process. i wonder if theres some IT contractors on large fees guiding this...

 

[Hampster Gull]

Got a marketing email from a company I have never heard from before. I emailed askepknig to be removed from their marketing list. The response was

“Thanks for your email.

I have forwarded your email to the XXX Plc company that we receive our mailing lists from. Unfortunately, it is not our database so we cannot unsubscribe you ourselves. I apologise in advance if we receive another list with your details in it, and inadvertently send you another event invitation.

Warm regards,...”

 

[Brian Fantana]

what you described isnt belts and braces, it cocked eyed and counter productive. the premise is you need consent - thats all. by raising a letter to do so it doesnt change anything just make for a more convoluted process. i wonder if theres some IT contractors on large fees guiding this...

This.

The OP's company's approach to this situation is just plain incorrect. I say this as someone who is sitting on the team responsible for delivering GDPR at a FTSE 100 company.

 

[Brian Fantana]

The main thrust of the legislation is targetting the slightly gung-ho way in which third party marketing has been handled over the past few years (which results in the vast majority of junk email and mail that people receive). This is when you sign up with a particular company and then opt-in to 'third party communications', which is essentially the company you've just registered with selling your details on to whoever they see fit. Under GDPR, that's going to be a lot more difficult to do and *should* stem the flow of nonsense received.

Essentially, it is about giving people more control over their data - who has it, what exactly they have, what they use it for.

 

[timbha]

This.

The OP's company's approach to this situation is just plain incorrect. I say this as someone who is sitting on the team responsible for delivering GDPR at a FTSE 100 company.

out of interest what approach have you taken to contacting your customers and the third parties you use?

 

[timbha]

The main thrust of the legislation is targetting the slightly gung-ho way in which third party marketing has been handled over the past few years (which results in the vast majority of junk email and mail that people receive). This is when you sign up with a particular company and then opt-in to 'third party communications', which is essentially the company you've just registered with selling your details on to whoever they see fit. Under GDPR, that's going to be a lot more difficult to do and *should* stem the flow of nonsense received.

Essentially, it is about giving people more control over their data - who has it, what exactly they have, what they use it for.

I don't disagree that gung ho third party marketing approaches triggered the review, but GDPR is much, much wider that this, including data security, accuracy, retention, etc, etc. The whole regime needed a big shake up because the big boys (and the little ones) got complacent and sloppy especially when the Info Comm had no teeth.

 

[Brian Fantana]

out of interest what approach have you taken to contacting your customers and the third parties you use?

We've taken the decision not to go out with a specific 're-permissioning' email campaign, partly because the way in which we've captured the ones we have matches up to the requirements now needed and partly because the advice we received from the ICO was that it was a fairly dodgy exercise to be carrying out.

MASSIVELY cut back on third party marketing activity, it will now be strictly limited to a couple of providers for complimentary services (who will be explicity mentioned in the FPN when signing up).

 

[Brian Fantana]

I don't disagree that gung ho third party marketing approaches triggered the review, but GDPR is much, much wider that this, including data security, accuracy, retention, etc, etc. The whole regime needed a big shake up because the big boys (and the little ones) got complacent and sloppy especially when the Info Comm had no teeth.

Oh, agreed. I was just pulling out the 3P situation as the primary shake-up. I think an awful lot of companies have become very lazy in the way they handle customer data - i.e. keeping it well beyond what would be considered reasonable and also using it for many more purposes than the consent that was originally given would really allow.

 

[Gazwag]

every email? even email's containing no personal info? what about an email to the Mrs saying you're gonna be late (or perhaps "NORWICH"!!!)

Our emails to clients go out from a central account so yes all emails which go out of that account will be encrypted.

 

[beorhthelm]

We have been told today that as of next Monday every email we send must be encrypted and the client will need to either obtain a pin code every time or sign into an account to un encrypt the email.

Going to be an absolute nightmare.

bonkers. that'll last a few weeks until an important email is binned by recipient as spam because they couldnt read it.