I can only admire your optimism. Yes, the General Data Protection Regulation (GDPR) comes into force on May 25, but if you think that’s going to be the end of companies begging you for consent to keep emailing, think again. In fact, it could get worse.
Firstly, all of these companies begging for permission to keep sending you guff probably had no need to do so in the first place. Who says? The Deputy Information Commissioner, the chap whose job it is to enforce these new regulations.
He says it’s a “myth” that companies “have to get fresh consent from all our customers to comply with the GDPR”. What they do need to have – even under current legislation – is proof that you’ve given consent to receive their gubbins in the first place.
The irony is that if companies are unsure how you ended up on their mailing list, even emailing you to ask for your consent is against the law as it stands.
“In some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act,” the Deputy Information Commissioner writes.
Mailing list massacre
One thing’s for sure. If a company’s been advised by its lawyers to get fresh consent from everyone on its mailing lists, a lot of them will wake up tomorrow morning with a list that’s a tiny fraction of the size it once was.
We’re all sick to the back teeth of getting these emails and most people will be hitting delete the moment they see those four dreaded letters. Expensively acquired mailing lists are likely to be a tenth a size of what they once were.
Are companies going to simply shrug, put it down to experience and move on? Or are they going to make every effort to get fresh consent from customers, even now the deadline has passed? What do you think?
The begging emails will keep coming. And it might not be just electronic mail you get on the subject, either. This dropped through my letterbox this afternoon:
I’ll bet you a tenner it won’t be the last of these I receive…
GDPR emails: the penalty?
The other reason companies will continue to play fast and loose with personal data is that the risk of being caught is minimal.
The Information Commissioner’s website lists all the enforcement action it has taken over the past three years. Only 29 cases have resulted in prosecution and 94 in a monetary penalty. And a good percentage of those have been taken against other public bodies, such as local government, NHS trusts and police forces. The Information Commissioner’s Office is the very definition of robbing Peter to pay Paul.
Your GDPR nightmare isn’t over. It may barely have begun.