
GDPR Non Compliance

The General Data Protection Regulation (GDPR) places legal requirements on organisations that use any personal data, send out marketing emails, etc.

It is up to each organisation to ensure it complies with the regulations, and there are nasty punishments for those who don’t.

However, some scammers have been finding new ways to get at businesses over GDPR: for example, by sending emails and letters that threaten action unless your business registers with them.

(see blog post https://fightback.ninja/test/gdpr-non-compliance-scam/ )

Some scammers check business names against the public list of those that pay the Data Protection fees, but others are too lazy to do that and just send the threatening emails to everyone on the spam lists they buy.

There are of course exemptions from paying the fees, e.g. voluntary and charity organisations are often exempt, depending on how they do their marketing.

If you’re exempt then don’t be taken in by threatening emails.

If you’re not sure if your business is exempt then refer to https://ico.org.uk

Don’t be conned.


Fightback Ninja Signature

GDPR Shutdown for Some American Companies

The start date for the General Data Protection Regulation (GDPR) was 25th May 2018, and almost all businesses and other organisations affected were well prepared.

But some went a little mad instead.

The GDPR rules are intended to give consumers more choice over how they are communicated with, better protection of data held by organisations and more openness in the communications.

But dozens of websites shut down their activities completely, others insisted users agree to new terms of service, and everyone’s inboxes have been flooded with emails begging them to agree to stay on mailing lists. Quite often the emails have been from companies we didn’t even know had our details.

Margot James, the digital minister, said that businesses would now have to prove they had been given permission to use an individual’s information, including contact details.

“Except in certain, limited instances, organisations now must demonstrate they have our explicit consent to process our sensitive personal data. Generally, we’ve also given greater control to the British public over how their data is used. No doubt like me you’ll have received a flurry of emails in recent weeks from the organisations currently holding your data, and perhaps some you weren’t even aware did, asking for you to re-submit this consent.”

Many American companies have been unsure what to do and opted for simply closing their websites to European users.

  • Instapaper has blocked European users
  • me says European users cannot use its products
  • com is blocking European users
  • The Los Angeles Times
  • The New York Daily News
  • The Chicago Tribune

A little planning would have removed the need for such precipitate action, but hopefully they will open their doors to Europeans again soon.


GDPR has Landed

GDPR is the latest EU regulation intended to give consumers better protection for their personal information held by government, businesses and any other organisations.

And today’s the day it becomes law.

GDPR may make a worthwhile difference for consumers, as it puts pressure (and the threat of large penalties) on businesses to use clear, concise language, to make it clear what they want your data for and exactly how it will be used, to ensure they have your consent for such messages, and to give you an easy route to making them delete all your personal information.

You’ve probably had requests recently in the post or online from businesses wanting to stay in touch with you after today. This is because from today they have to show that you chose to allow them to contact you, not just assume it was OK, as often happened in the past.

Plus, many are taking the opportunity to revamp their policies on marketing messages etc.


Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link, filling in a contact form, etc.

Double opt-in takes this a stage further: you have to get the person to either return an email confirming their registration or click on another link in an email to confirm.

Hence it is a two-step process to register. This extra step will mean you lose some people who would otherwise have registered with just the single opt-in, but there are advantages to double opt-in, and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and for any marketing communications must be freely given and unambiguous, i.e. no pre-ticked boxes, generic descriptions or over-complicated terms and conditions.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering an incentive to get people to sign up to your subscription or newsletter etc., then there are likely to be many people who sign up with fake email addresses, and spambots that try to sign up. This means that many of the email addresses on your list will be bogus, and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this, as only people who give correct email addresses will complete the sign-up. If the second stage of confirmation has not put them off, then you have a better quality email list.

So double opt-in, as well as becoming a legal requirement, may actually help you.
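As an added illustration (not code from the original post), here is a minimal Python sketch of the two-step flow described above. It parks a sign-up as pending, issues a signed confirmation token, only moves the address to the live list when a valid, unexpired token comes back, and records the time and method of consent that GDPR asks you to keep. The signing key, 48-hour window and data model are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET = b"constructed-demo-signing-key"
CONFIRM_TTL = 48 * 3600  # seconds a confirmation link stays valid (assumed)

@dataclass
class Subscriber:
    email: str
    requested_at: int
    confirmed_at: Optional[int] = None
    consent_method: Optional[str] = None  # the "how" for the GDPR consent record

class DoubleOptInList:
    def __init__(self) -> None:
        self.pending: Dict[str, Subscriber] = {}
        self.confirmed: Dict[str, Subscriber] = {}

    def _sign(self, email: str, issued: int) -> str:
        return hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()

    def request(self, email: str, now: int) -> str:
        """Step 1 (single opt-in): park the address and return the token for the confirmation email."""
        self.pending[email] = Subscriber(email, requested_at=now)
        return f"{now}.{self._sign(email, now)}"

    def confirm(self, email: str, token: str, now: int) -> bool:
        """Step 2 (double opt-in): a valid, unexpired token moves a pending address to the live list."""
        sub = self.pending.get(email)
        if sub is None:
            return False
        issued_s, _, sig = token.partition(".")
        if not issued_s.isdigit():
            return False
        issued = int(issued_s)
        if not hmac.compare_digest(sig, self._sign(email, issued)):
            return False  # token was altered or made up
        if now - issued > CONFIRM_TTL:
            return False  # link expired; the person must sign up again
        sub.confirmed_at, sub.consent_method = now, "email confirmation link"
        self.confirmed[email] = self.pending.pop(email)
        return True

    def purge_stale(self, now: int) -> int:
        """Drop sign-ups never confirmed within the window: bogus addresses and bots."""
        stale = [e for e, s in self.pending.items() if now - s.requested_at > CONFIRM_TTL]
        for e in stale:
            del self.pending[e]
        return len(stale)
```

Only `confirmed` is ever used as the mailing list, so the bogus addresses and bot sign-ups described above never receive a campaign email and are cleared out by `purge_stale`.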


General Data Protection Regulation

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws and there is the complication that often data is held in more than one country.

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is an EU regulation and takes effect in the UK regardless of the Brexit situation.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

It does not apply to certain activities, including processing covered by the Law Enforcement Directive, processing for national security purposes, and processing carried out by individuals purely for personal/household activities.

It applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA), i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.

However, if you are a ‘controller’, there are still obligations where a ‘processor’ is involved: the GDPR places further obligations on you to ensure your contracts with processors comply with it.

Does the GDPR apply to Personal Data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier, e.g. an IP address, can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations, keeping HR records, customer lists, or contact details etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.

Basically, if you are subject to the DPA then you need to plan to ensure compliance with the GDPR.

More information available at http://www.eugdpr.org/