Adrian Weckler on GDPR: A foolproof guide to what all those emails really mean
WE’VE all been getting the incessant emails. They say things like: “Let’s keep in touch!” And: “Important – if you want to keep receiving our emails …”
For weeks, they’ve been filling up our inboxes because of what is happening today.
Europe’s sweeping new data privacy law, the General Data Protection Regulation (GDPR), came into full force at midnight.
It brings with it tough new penalties for organisations and individuals who fall foul of it, including fines up to millions of euro.
It also affords new rights to individuals, including an enhanced `right to be forgotten’ and the ability to get service providers to transfer your data between them. But most surveys show that many people here are still confused as to what exactly their new restrictions and rights are.
Listen: The Big Tech Show: An absolute idiot’s guide to GDPR
Does it mean you can’t send group emails any more? Is consent needed to keep in touch with people you’re used to contacting? And what if you’re involved in a community group or charity?
Here’s a beginner’s guide to some of the practical ways in which the GDPR might affect ordinary people in and out of work.
‘I’m the secretary of a sports club. Does GDPR mean I now can’t send group texts or emails to members any more?’
No. This is still mostly fine, assuming you’re to what all those emails really mean communicating with your club’s members about things lsuch as upcoming events or even raffles that go to support the club.
‘I’m raising money for a good cause and want to email and text everyone I know to tell them. Does GDPR’s introduction now stop me from doing this?’
No. You can do that to your heart’s content.
‘I keep CCTV in my shop. Do I have to provide video footage or photos of someone if they ask me?’
Yes. However, if your CCTV recorded someone but was on a 24-hour auto-delete loop and the person asks a week after the footage was automatically deleted, you don’t have to provide them with the (deleted) footage.
‘I am keen to contact someone about a job I have to offer. Am I allowed to email them having obtained their details from a site like LinkedIn?’
Probably. For example, if the person indicates on his or her LinkedIn page that they are open to job offers or “exploring new opportunities”, then you probably can. It’s a different situation if you go about ‘scraping’ people’s email addresses from websites in order to build up some sort of recruitment-related database.
‘I’m worried people might not click the box to `keep in touch’ when I email them and that my email database will be drastically thinned out. Should I throw in a competition to win some cash as an incentive?’
No. Some experts are very clear on this. “Doing this invalidates the consent,” said Daragh O’Brien, founder and chief executive of data protection firm Castlebridge. “Companies have been prosecuted in the UK for doing exactly this.”
‘My boss told me to handle GDPR. If I send an email to someone looking for their consent is it OK to say they’ll be kept subscribed unless they email me back. Or do I have to tell them their details will be removed unless they email me back?’
It depends on how you got hold of their contact details. For example, your company might do business with another company or individual, in which case you have their contact details on that basis. It’s not quite the same as consent in the case of other email databases.
‘This is all new to me. Surely there’ll be some bedding in period to let us get used to it.’
Nope. That `bedding-in’ period has been the last 18 months. Ireland’s Data Protection Commissioner Helen Dixon, whose office will enforce the new law, says that she will enforce the law fully and won’t be letting people off because it’s ‘all new’ to them.
Article Source: http://tinyurl.com/kbwqb42