GDPR - anyone working in this area?
Discussion
Eric Mc said:
Vaud said:
What has always annoyed me about EU directives is not the intent or even the consent of the directive, or even the local implementation.
It’s the enforcement.
Take food hygiene rules. Heavily codified in uk law (and rightly so). Fairly well enforced via environmental health, etc, but take one step into French or Greek (by example) markets or local shops and see it ignored on a wholesale basis.
That's always been the case. We are a much more "rule obeyance" country than many others. Even without the EU Britain has been keen to introduce lots *(and lots) of legislation. However, even with massive legislation in many areas, these extensive rules are often ignored in the UK too.It’s the enforcement.
Take food hygiene rules. Heavily codified in uk law (and rightly so). Fairly well enforced via environmental health, etc, but take one step into French or Greek (by example) markets or local shops and see it ignored on a wholesale basis.
To give a practical example my council trading standards used to visit 'high risk' food manufacturers every year but now due to budget cuts its been changed to every 5 years. A lot of these businesses will do what they can get away with without being checked as the market is so competitive.
I often worked with many other regulators and the same was across the board - including the ICO. I suspect you will find many a person who have reported DPA breaches to the ICO and found no action was taken as they don't have the resources.
Quite a few of the new EU laws like GDPR and new laws on package holiday protection are updates for the modern world so I don't see a problem with them TBH, There are some consumer protection laws coming in a couple of years to fill existing gaps which we may miss out on now.
Mojooo said:
I often worked with many other regulators and the same was across the board - including the ICO. I suspect you will find many a person who have reported DPA breaches to the ICO and found no action was taken as they don't have the resources.
The ICO has beefed up its staff, including taking on a significant number of former police officers for their investigative capability. Under GDPR there isn't supposed to be a fee for registering with your country's data protection authority, but the ICO managed to work one into the UK's Data protection bill.
gothatway said:
pmanson said:
Received an email from Trust Pilot this week:
Really? That sounds like default opt in to me, which I thought was verboten?trustpilot said:
If for any reason you don’t agree with our updated Privacy Policy and would like to close your account, you can do so. Simply log in to your account, go to your Personal Settings and select “Delete my profile”.
Pretty much spot on! A question about gdpr.
Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
Edited by hyphen on Monday 21st May 17:23
hyphen said:
A question about gdpr.
Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
TinRobot is the best person to answer this. But as I understand it if a recruitment company believes that you originally consented to receive emails and that consent was to the GDPR standard: "freely given, specific, informed and unambiguous" or they they have another legal basis for communicating with you then they are not doing anything wrong. They would have to have traceability for this consent though or be able to justify that they have a legal basis.Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
Edited by hyphen on Monday 21st May 17:23
Under existing laws every marketing email must have and opt out link.
plasticpig said:
hyphen said:
A question about gdpr.
Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
TinRobot is the best person to answer this. But as I understand it if a recruitment company believes that you originally consented to receive emails and that consent was to the GDPR standard: "freely given, specific, informed and unambiguous" or they they have another legal basis for communicating with you then they are not doing anything wrong. They would have to have traceability for this consent though or be able to justify that they have a legal basis.Lots of recruitment companies, who I have never dealt with but managed to get my data at some point in the past are sending gdpr emails.
Most are asking for consent to keep my data, however a few are saying along the lines of 'business as usual unless you contact us to ask for your data removal' and the email comes from a noreply address so making it more of an effort.
Is it legal to do this automatic opt in unless you opt out?
Edited by hyphen on Monday 21st May 17:23
Under existing laws every marketing email must have and opt out link.
https://www.theguardian.com/technology/2018/may/21...
For those companies sending emails asking for consent but not having an option to opt out I have been sending this email. 6/7 have replied, confirmed receipt and said they would remove my data. Only 1 didn't reply but that was expected.
Me said:
I withdraw my consent for COMPANY NAME to store data about me. As you did not include this option on your newsletter, I also ask to be unsubscribed from your email newsletters and future communications from you.
Please confirm receipt of this email and that steps will be taken to delete my data from your computer systems and databases.
Please confirm receipt of this email and that steps will be taken to delete my data from your computer systems and databases.
DELETED: Comment made by a member who's account has been deleted.
I could do this for you. I'd just need a small insight in to what you're thinking and how you'd want it set out and I could pop it together. Shouldn't take too long. Feel free to send me a PM on here and we can talk via email.I presume though that the processing of the data can be done for multiple reasons for different things - relating to the same person
So you buy a car from BMW but they also want to market to you
Any communications to do with the contract have a basis - so they can bill you
But anything for the marketing list needs consent
So you buy a car from BMW but they also want to market to you
Any communications to do with the contract have a basis - so they can bill you
But anything for the marketing list needs consent
Gassing Station | Business | Top of Page | What's New | My Stuff