I’m not a DPO, but I have been part of the GDPR since it was announced, and have watched the definition of what it is change from a very dark shade to a slightly lighter shade of grey; there are still parts we don’t know or haven’t got a clear definition on as yet. We sat on webinars and listened to ‘experts’ (very senior people in prominent organisations) talk about the possibility of no more email campaigns without consent and double opt-in being a necessity, thinking that wasn’t in line with our interpretation! So we decided to take the approach on GDPR to avoid speculation: we sat back and waited for further news from the ICO, as there is nothing worse than a social media or blog post that comes back to bite you down the line.
So the DMA and the ICO have disseminated some great information and it became clearer that in our most prominent business area (B2B) we were less affected by GDPR and businesses could go down one of two routes – Consent or Legitimate Interest.
Anyone reading this blog who is a regular online shopper must have got tired of the deluge of emails that started on the 23rd and went through to the 25th: ‘Re-subscribe yourself!’, ‘We can’t market to you anymore’, ‘Please don’t go’. I, I’m sure like many others, deleted them, but the whole time I was thinking to myself – why are they doing this?
Under GDPR, it is not necessary to refresh or re-permission existing DPA consents for the GDPR, as long as such consents meet the GDPR standard and are adequately documented.
Legitimate Interest seems to be the area that people are most confused about under GDPR – we see evidence of this every day in the replies we get to our email campaigns!
The DMA example for Legitimate Interest is a great example of how we should consider whether the principle is valid or not. Every year you buy the new blockbuster on PlayStation for your son or daughter (or yourself!), and you buy it online. Is it reasonable that said company sends you an email the next year when the new game in the series is released? In reality the principle of Legitimate Interest is more nuanced, but this is a great example. For more reading about the LI balancing test I would check the ICO article here.
As fully expected, we have noticed a big increase in the number of complaints, email replies, social media posts etc. where people are accusing us of not being ‘GDPR compliant’ because we are sending them an email to market our goods and services. This raises the questions: where are people getting their GDPR information from? What did they do with their data? And how are they marketing after GDPR? Ironically, these are the questions we asked in our recent email campaign 🙂
If you wish to discuss anything post GDPR, you can email me on firstname.lastname@example.org or call us on 01628 901081