When will it all stop?

I saw two iterations of the same erroneous statement about the General Data Protection Regulation (GDPR) this morning, and it’s instructive to compare them.

One was in a Times article by journalist Danny Fortson. This said:

[Under GDPR] organisations large and small will have to ask for new permission to keep personal details on file

The other was contained in a brief twitter exchange which I barged into, in which a personal trainer revealed that a “GDPR consultant” had told her that she

had to regain all [client] details and destroy all the previously held info

I haven’t got anything profound to say here – just three observations: 1) GDPR absolutely does not expressly require businesses to do anything about client or customer data already held, let alone contact those people to get their consent 2) there is some shockingly bad advice about GDPR apparently being promulgated by people purporting to be competent to give it 3) there is a rather toxic feedback loop by which this shockingly bad advice is repeated in the media, and then picked up by others.

I hope it will all calm down after 25 May. And I also hope that decent people running decent businesses don’t get permanently harmed by this situation.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.


Filed under Uncategorized

3 responses to “When will it all stop?

  1. Mark Johnson

    When you ponder why these businesses are frantically re-gaining consent, could it be because (1) they used consent as basis for processing at outset, but cannot find the records to prove this; and/or (2) they can’t be sure that some of the recipients of their email marketing are consumers (inc sole traders and unincorporated partnerships), as opposed to ‘corporate subscribers’, and so are erring on side of caution?

    • I’m sure in some cases that’s the case. What concerns me is that “the side of caution” is not some risk-free area – emails seeking consent to future marketing are, and have been held to be by the ICO, marketing emails in themselves – so they might be unlawful (also in themselves).

  2. Pingback: Weekly Notes: legal news from ICLR - 21 May 2018 - ICLR

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s