Ladies’ lingerie or GDPR

When considering what to rant, I mean write, about in this week’s blog two topics sprang immediately to mind – ladies lingerie and GDPR!

However, I have decided that writing about ladies’ lingerie is too risky – especially in a blog that I am sending to people I don’t personally know and who haven’t actually given me permission to send it to them!

So, it will have to be GDPR.

Ironically my inbox is currently being bombarded with unwanted and unsolicited emails from companies offering to help me comply with the new data protection regulations before they come into force on 25th May.

I’m sure we need more stringent data protection laws but, at the same time, for every organisation that is seriously abusing people’s personal data there are thousands that are collecting and using people’s basic contact data purely for legitimate business purposes.

But, under threat of huge fines if they don’t comply with GDPR, every organisation in the country is being encouraged  to review their use of personal data.   My gripe is that the guidance being offered is so complicated and time-consuming. What’s more, it doesn’t give definitive answers. As a result there a  lot of myths about GDPR compliance.

The Information Commissioner’s Office ‘Guide to the GDPR’ is 185 pages long. I dread to think how many thousands of executive hours have been spent just reading and digesting it.

It’s no wonder so many consultants have sprung up offering to sort out your GDPR compliance needs for a very reasonable fee.

Either way, I believe a lot of organisations have been scared into spending more time, money and concern on GDPR than is really necessary.

For example, for the past few weeks, in addition to the emails from GDPR consultants, my inbox has been full of emails from organisations that I know and have dealt with in the past, asking me to confirm I’m still happy to hear from them. Even the Pro at my golf club emailed me to check I was happy to receive his newsletter.

In these circumstances, renewing consent isn’t necessary. Contrary to popular opinion, consent is not the silver bullet for GDPR compliance. In fact, there are six lawful bases on which you can make use of personal data.

The most flexible lawful basis is ‘legitimate interest’ which a high percentage of organisations will be able to rely on. According to the ICO, it is most appropriate where people’s data is used in ways they would reasonably expect and which have a minimal privacy impact.

At Source we’ll be using ‘legitimate interest’ as the basis for continuing to  send you our newsletters and blogs but we will also make sure it’s easy to opt out if that’s what you want to do.

I’m not expecting the emails from GDPR consultants to stop after 25th May so I assume they will be relying on ‘legitimate interest’ too!

In summary, there’s a lot of scaremongering about GDPR but don’t panic. Ensuring compliance should be straightforward for most organisations.

At this point, I’m betting a lot of people are wishing I’d written about ladies’ lingerie. Maybe next time!

And if you haven’t a clue what I’m talking about, have a read;  

Written by Steve Clark, 18/05/2018