Reply With QuoteA good time to have a clear out of unwanted subscriptions ... just 100 you say! I didn't realize how many mailing lists I'm on! :)
Must have had 100 emails so far. No more. I don't care. Aaaaarrrrrggggghhhhhhh...........
A good time to have a clear out of unwanted subscriptions ... just 100 you say! I didn't realize how many mailing lists I'm on! :)
Agree. I was about to post the same thread. Utterly sick of these email.
I got a voucher for a free drink from Fullers for opting in.
Which was nice.
I think I'd have been happy to stick with the old rules and had my privacy breached rather than deal with all the emails.
it is stupid. I gave my consent 2, 3, 5 years ago, why should I tick all the boxes again?
Marketing folks like me are also fedup of having send them....But we now have to have explicit consent that you gave us permission to market to you and be able to prove it if requested.
Tomorrow is the deadline for compliance, hence the deluge of emails. But it is an easy way of opting out of a load of rubbish you don't want, just delete them and ignore.
I gave my explicit consent years ago, yet I am getting unwanted reminders to give my explicit consent again.Originally Posted by LuBee
I’m responsible for our firm’s GDPR update and it’s been a nightmare.
I had a query over marketing that all the paperwork/information supplied didn’t answer so phone the ICO and got an answer. Straight away my boss questioned their answer so I phoned ICO back only to get a different but non definitive answer, and the ICO are the UK supervising body!
It’s causing mayhem and confusion.
http://www.bbc.co.uk/news/technology-44224802
I scored 6/9
8/9. Just got the last one wrong as I couldn't see how a company can be expected to export personal data in a format suitable for importing into any other system.
Apart from the above, we are feeling fairly safe in our interpretation and application of GDPR. We are about to send the "our data policy is changing" notification email.
Interpretations have shifted significantly in the last three weeks from - "email out and seek new consent", to "email a notification that the policy has changed", to "do nothing if you believe you already have consent". Like most, we have opted for the middle ground although we realise this may not be strictly necessary.
I got 0/2 and to be honest even though I am reasonably interested in this aspect and it is clearly going on where I work, I got completely and utterly bored with the thing. The final answer (to the laptop) was verbal, "I don't know and I don't care and that's the most boring quiz I have ever started".
Yep but that's probably not recorded anywhere and if they're anything like my company they've changed systems at least 4 times since you gave permission :)
Had to put a filter on all my email accounrts (work, hobby etc) with the keyword "Privacy Policy" in the subject, and tat took care of most of them.
Bws
Franco
Hahaha! I got 0/1 ! :)
We are totally B2B so are leaning heavily on the legitimate business interest angle as per the direction of our data controller.....for B2C it must be an absolute nightmare
Sevvy, what was your query?
We use an online mailing company to send emails to business contacts and introducers (not clients though). GDPR states you’re not allowed to send marketing to individuals or sole traders without consent but then further down the same guidelines it refers to “soft opt in” and using legitimate interest rather than consent as legal basis.
So first call was prompted by myself and the bosses getting personal emails from companies which were a mixture of “please opt in or we can’t contact you in future” and “we’re holding your data securely and there’s no need to do anything unless you want opt out” but without the need to opt in. ICO said we’d need consent to market individuals in first call but when this was discussed we went back to ICO who said we could use soft opt in but soft opt in would disappear in the future.
So I just said to the guy “will we fall foul of the law if we continue to market using soft opt in and legitimate interest”. His reply was “you may do but there’s no case law to base it against at present”
Is it any wonder it’s a nightmare when you can’t get a consistent answer from the supervisory body.
This is just the nanny state gone mad. I don't need some idiot in Brussels deciding whether I need protecting from evil emails or not, I can do that myself and so can the rest of the population.
The total cost of this must be up in the millions. Utter madness.
There are two basic parts. 1. Are you processing people’s data legally (securely etc.) ? 2. Do you stop sending messages to people when they ask you to?
I think both aims are well worth pursuing, and this legislation looks like it will help. Unless you are OK with Cambridge Analytica etc.
We've had the same problems at work with 3rd party reader offer clients not wanting our company policy wording on their pages and the company actually not really having any clear policy wording anyway. The marketing department seems to be winging it.
We also all have to complete an online training programme before tomorrow so I best crack on …
Yes correct but I suspect that nothing positive will be gained over this, it seems to reek of over protection.
As regards to Cambridge Analytica, if you have a bank account, a mobile phone and a FB account, you have virtually given every ounce of information about yourself to the world. It's life, live with it.
I’ve still got one or two secrets Mick, just to preserve my air of mystery.
I accept I’ve given up a lot of data. I would like it to be held under a tighter legal framework though.
Yes privacy is a tough subject.
I spend 24 weeks each year in Spain and let us suppose I collapse with a heart attack or have a stroke. It would be damn useful if the Spanish hospitals could use my NEI number (which you are required to carry) and contact the NHS in order to establish my medical condition. This is technically feasible but won't happen because of privacy laws. Thus I may die to retain my privacy.
Far better to let us all chose what information we voluntarily chose to release or not.
Interesting point. Which clause in the GDP Regulation forbids the processing of data in a situation of such vital interest to you?
Sent from my iPhone using Tapatalk
From the BBC Article:
I don't know whether that will be easy to apply between EU and non EU countries but let's hope so.One basis for processing and sharing an individual’s personal data is that it is necessary to protect their vital interests, which includes saving their life.
So, sharing data with a hospital's A&E department for an emergency would count, but consent might be needed if it were instead for a pre-planned procedure.
I’m hoping that by ignoring the vast majority of these emails, that my inbox will be eerily empty tomorrow 😀
We shall see....
[QUOTE=Mick P;4773855]Yes privacy is a tough subject.
“I spend 24 weeks each year in Spain and let us suppose I collapse with a heart attack or have a stroke. It would be damn useful if the Spanish hospitals could use my NEI number (which you are required to carry) and contact the NHS in order to establish my medical condition. This is technically feasible but won't happen because of privacy laws. Thus I may die to retain my privacy.”
Ultimately the boundaries of GDPR will be interpreted and set by the courts. But l believe that in the case you outline above the new regulations specially allow for information to be passed in order to save your life, hopefully.
Apparently this is just the beginning and there is going to be further legislation, built on the GDPR platform, to control the use of individuals information.
Social media watch out.
Last edited by ZIM; 24th May 2018 at 19:13.
Soft opt-in should really only be used/applicable where someone has used services or bought your products previously. Where consent has not been given previously then most GDPR emails requesting consent would fall foul of the Privacy and Electronic Communications Regs in any case.
I've had so much fun writing in-house policies and contract addendums because of GDPR, and I still feel that, for the most part, it's a huge waste of time. It would have been easier to apply separate offences relating to data breaches, insufficient data security and inappropriate data transmission etc.
It's just a matter of time...
It really is scaremongering on a massive scale, there must be a lot of law firm's cashing in off the back of these new regs.
I received an email from a regular supplier yesterday asking for my consent to continue to be contacted by email in the future. I said it would be unnecessarily difficult to do business without. Seems many companies are jumping at shadows.
I reckon I’ve had about 100 such emails too. A real mix of “for info”, “please click here opt in” and “please click here to opt out”. My default is to unsubscribe to all of them. Bored of it now.
Also had a project team at work hounding me to complete GDPR policies and controls, data retention protocols, disclosure protocols etc etc. I work in the Finance team and we have employee salary and bonus data, obviously. This just basic data that we need to do our jobs. But it falls into the GDPR definition of “personal data”. Apparently the Finance team now needs a host of special written GDPR policies and controls justifying to the company we work for why we need to use the companies own data on its own employees to do our daily jobs for the company. Utter drivel and the absolute bain of my life at a time when the team are flat out doing annual budgets.
For example, do you have a functional or company wide instruction telling you how to report breaches, loss or leaks of this salary and bonus data? If yes, then you should be well set, no fuss. If no, then shouldn't you?
Maybe an overreaction to Article 28 - but... maybe justified, or not, dependent on too many other factors.
It's just a matter of time...
Ironically, for an initiative aimed at eradicating spam, it’s encouraged a deluge of it.
I also have had a few cheeky ones which say would you like to Opt Out. My understanding of this is its no more emails unless you Opt In.
I guess the first scalping will set what everyone does going forward.
Yes but it’s not all about breaches. Apparently the Finance team still need to justify why we use the personal data, explain whether there are alternative ways to achieve what we need without using personal data or minimising it’s use, explain our policy for personal data retention, process and controls over deletion, process if we are asked to disclose the personal data we hold etc etc. It’s just employee salary data that we need to do our jobs and that any reasonable employee would fully expect the Finance function to use. It’s a huge overreaction but I cannot seem to shake off these damned project managers.
It got too much for me when the local takeaway emailed me their GDPR policy.
Why? You got mail form these companies for years, now all of sudden you unsubscribe? Did they not provided option to unsubscribe previously?
This is genuine question, because of I heard a lot stories like yours - oh, I can finally tell them to stuff up their emails. But you were getting most of them on regular basis, what changed?
Some of the notifications I have been getting are from organisations I have not heard from in years, and some I have never dealt with but must have my details on their database, probably from a marketing list they bought.
This has been a cleansing exercise for everyone.
Well that's a great point, but maybe too much was trying to be achieved at the same time with the same regs by the same date.
I don't buy it. If you haven't heard in years, you probably will not hear in the future.
I see.
Some companies that have been operating best practice regarding consent prior to the GDPR aren't placing their emphasis on consent now. I guess they don't need to. It's more about personal data rights. It'll be interesting to see what happens over the next month or two though once the first requests go through.
Breguet want me to become a member of their 'inner circle'. I wonder if they’ll let me bring my G-Shock along?
Those complaining about the 'nanny state' (yawn) should reflect on the fact that people (and we're all guilty to some extent) can't be bothered to look after their own data, and so governments have had to step in. Hence the terrible inconvenience of a few emails.
I've never used a Facebook 'app' for the very reason of data privacy, yet other people have without realising (or caring) that people were interested in their personal data (and that of their innocent Facebook contacts) in order to make money from states and organisations that wanted a crypto-fascist retard in the White House, and to put the unity of European democracies at risk.
Whatever you think of the causes that Cambridge Analytica served, these people will come after us all eventually if we let them. We should all be worried.
The legislation clearly hasn't gone far enough. I've had emails from companies that I want nothing to do with simply informing me that they have my data and they'll use it when it suits them. Well, no they won't - it's mine and I want them to delete it.
Last edited by Tony; 25th May 2018 at 10:02.
Yes, I was just using it as an example.
There’s a lot of unnecessary fuss being created around GDPR. It’s been around for two years in the lead time to actual enforcement. The fuss is because organisations and individuals have left it to the last minute and are doing stuff without understanding, thinking and in a rush. GDPR could probably be encapsulated in about six bullets or questions that are all quite reasonable and already applied as good practice in organisations: reason, processing instructions, responsible person, transferring, security, reporting breaches, deleting or returning data when no longer required that sort of thing.
I can understand why Finance has to have salary source data for business unit or project reporting, but this kind of data can get emailed internally, sent to home email addresses, loaded onto memory sticks, left attached to email chains. Therefore an organisation might have an instruction that this kind of data is anonymised when it can be, never sent to a home email address or put on unencrypted memory device and is deleted from your lap top when you’ve gleaned the source data you need.
I’m not an IT/DP cone-head or lawyer or anything like that.
Sent from my iPad using Tapatalk
You initiated every social online contact, so you can bloody well manage them yourself. Exercises such as this are expensive to set up and we all have to share the cost of having this unnecessary deluge of rubbish imposed upon us just because some people "can't be bothered to look after their own data".
If they can't be bothered to maintain their own data, that's their problem and not ours. We need less of the nanny state, not more.
Hopefully true, once GDPR really kicks in.
The answer to avoid these exercises and their associated costs may be simple. If any company I deal with online destroys my data one day later unless I write to them by post specifically saying they can keep my property, or offering it for a price. I could live with that.
Say what now?
I was hoping that by ignoring all the GDPR emails, I would be unsubscribed from all the junk mail I'm getting.
I was hoping the emails would stop today, but they keep on flowing. Strangely I got a load of emails from different estate agents today which makes me think they are all part of the same company
Posting Permissions
