Got something to say or just want fewer pesky ads? Join us... 😊

[News] Drowning under GDPR emails



timbha

Well-known member
Jul 5, 2003
10,515
Sussex
Even ICO admit they are more interested in educating rather than prosecuting. How the hell would they be able to chase after the thousands of companies that will probably inadvertently not comply for some reason or even those that just ignore it. Typical EU bullshit and red tape which could have prevented the spammers etc with a more simplistic approach.

Agreed. But at least ICO has the powers to chase and meaningly fine the ones that have abused the dp requirements for many years. Educate yes, but after that there’s no excuse/defence.
 




driddles

Well-known member
Nov 8, 2003
656
Ontario, Canada
I took over managing a list here in Canada. They hadn't followed the Canadian double opt in laws so I set up an email to double opt in everyone based on Canadian double opt in laws 3 weeks ago.

Now we're being told that as some of our list are in Europe we need to double opt in everyone again for GDPR. I'm sure the spamcos will all follow these rules closely.
 


SUA Seagull

Well-known member
Jul 23, 2016
421
Stratford-upon-Avon
Hello good folk of NSC. From reading this thread it seems as if many of you are fully up to speed with GDPR, whereas I am most definitely not so could do with some help please! I am a sole trader running my own company with only a couple of clients and retirement less than a year away. I am not very IT savvy and have not focused on GDPR, assuming it wouldn’t affect me. Now I fear it may. I don’t cold call or actively market and the only data I retain is email addresses/contact names of existing clients (who’ve provided me with their data) and contact data for some financial institutions I occasionally approach on my clients’ behalf (most of which the institutions provided directly to me but a fraction of which I sourced via other contacts), as well as data that’s already in the public domain. What do I need to do re GDPR? Is a simple Privacy Policy statement on my company’s website sufficient, in its capacity as a “data controller”? Any guidance would be most appreciated, thank you.
 








jasetheace

New member
Apr 13, 2011
712
About a year ago it was suggested that organisations would be required to provide the ICO with a statement of compliance/readiness confirming full GDPR compliance by 25th May, or disclosing areas of non compliance and plans to rectify. Not sure where we are on this.

I suspect the ICO will wait for the first big name failure, eg something like the recent TSB computer problems where people could access the wrong accounts, and then launch an investigation knowing full well that it will win. This will send out a strong message.

I checked this in passing conversation with our lawyers late yesterday and they are comfortable that this is not required. They do however recommend that in addition to the many documents that many of us would have produced, that we create a "chronology" of actions taken to prepare for GDPR as first point of reference should an inspection or response to complaint/breach ever be required.
 


timbha

Well-known member
Jul 5, 2003
10,515
Sussex
I checked this in passing conversation with our lawyers late yesterday and they are comfortable that this is not required. They do however recommend that in addition to the many documents that many of us would have produced, that we create a "chronology" of actions taken to prepare for GDPR as first point of reference should an inspection or response to complaint/breach ever be required.

Thanks. Your legal advice makes good sense and would be the first piece of mitigation
 


timbha

Well-known member
Jul 5, 2003
10,515
Sussex
Today I received GDPR mails from Barclays and Nat West plus others. I don’t have a Barclays account so dialled the any queries number. First question automated response asks “what is your account number?”. Doh !
 




A mex eyecan

Well-known member
Nov 3, 2011
3,885
ignoring the many many consent requests, hopefully ridding all the crap that hits my in box is almost cathartic
 


Hampster Gull

Well-known member
Dec 22, 2010
13,465
ignoring the many many consent requests, hopefully ridding all the crap that hits my in box is almost cathartic

I hope for the same but have followed a different approach. I unsubscribe from nearly all of them. Let’s see, too early to declare victory
 


thedonkeycentrehalf

Moved back to wear the gloves (again)
Jul 7, 2003
9,353
Hello good folk of NSC. From reading this thread it seems as if many of you are fully up to speed with GDPR, whereas I am most definitely not so could do with some help please! I am a sole trader running my own company with only a couple of clients and retirement less than a year away. I am not very IT savvy and have not focused on GDPR, assuming it wouldn’t affect me. Now I fear it may. I don’t cold call or actively market and the only data I retain is email addresses/contact names of existing clients (who’ve provided me with their data) and contact data for some financial institutions I occasionally approach on my clients’ behalf (most of which the institutions provided directly to me but a fraction of which I sourced via other contacts), as well as data that’s already in the public domain. What do I need to do re GDPR? Is a simple Privacy Policy statement on my company’s website sufficient, in its capacity as a “data controller”? Any guidance would be most appreciated, thank you.

Wouldn't say I am an expert but have just spent a day in a GDPR workshop with our external consultants and am part of the business GDPR team for my company (for my sins). My understanding is that, at a simple level then yes, you should have the privacy statement which explains what data you keep and why and who to contact if there are any requests. If you look around the internet, have a look at other Privacy Policies to see what they say and the create your own.

You have to have a nominated Data Controller (yourself) and you should know where any of your structured data - i.e. any information about your clients - is stored so that in the unlikely event that one were to put in a request, you can demonstrate which data you hold and ensure it is completely reported / removed as per their request. I'm assuming that is in some form of simple database - whether that is an Excel sheet or even something as simple as a Word document.
 




SUA Seagull

Well-known member
Jul 23, 2016
421
Stratford-upon-Avon
You have to have a nominated Data Controller (yourself) and you should know where any of your structured data - i.e. any information about your clients - is stored so that in the unlikely event that one were to put in a request, you can demonstrate which data you hold and ensure it is completely reported / removed as per their request. I'm assuming that is in some form of simple database - whether that is an Excel sheet or even something as simple as a Word document.

Thank you TDCH; very helpful. I located an appropriate (and simple) Privacy Policy template which I adapted for my own needs. I already keep all of my client data in separate customer files in File Explorer, so I've ticked that box too. I appreciate you taking the time to respond, thanks again.:salute:
 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,526
The arse end of Hangleton
GDPR = the new Y2K

Huge panic. Some people make a load of £ for doing very little. But then the sun comes up the next day and everything carries on as before.

There was nothing wrong with the Y2K panic ..... some of us were very productive :wink: Only New Year I've ever been on call but boy was the x5 time worth it !
 


Giraffe

VERY part time moderator
Helpful Moderator
NSC Patron
Aug 8, 2005
27,237
We now seem to have hit overload day on "we have updated our privacy policy" . Has anyone actually clicked on any of these policies and read them? What is the point of all this really?

I'm tempted to reply to some with, who are you and how did you get my details?
 




Lawro's Lip

New member
Feb 14, 2004
1,768
West Kent
We now seem to have hit overload day on "we have updated our privacy policy" . Has anyone actually clicked on any of these policies and read them? What is the point of all this really?

I'm tempted to reply to some with, who are you and how did you get my details?
Somewhere in the email should be an opportunity to unsubscribe.
 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,526
The arse end of Hangleton
Somewhere in the email should be an opportunity to unsubscribe.

About 75% of mine have been a click here to opt back in. It's telling I've not had a single email from recruitment agents about my data ...... and a lot have my CV !
 


Goldstone1976

We Got Calde in!!
Helpful Moderator
NSC Patron
Apr 30, 2013
14,124
Herts
Been ploughing through my email inbox getting rid of the crap I no longer want to receive marketing BS from, when a thought occurred to me: no GDPR email received from BHAFC. Has anyone had one?
 








beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
36,025
About 75% of mine have been a click here to opt back in. It's telling I've not had a single email from recruitment agents about my data ...... and a lot have my CV !

i wondered about that, then found they've been going to spam.
 


Albion and Premier League latest from Sky Sports


Top
Link Here