GDPR, Re-Consent and PECR
With GDPR a week away I’ve been seeing an increase in reconsent emails being sent out from various companies who have my work and personal email address on their mailing lists. Every single one of these has mentioned updates to privacy policies and needing to get my reconsent to keep emailing me.
This has actually been quite good, as it has been useful to see who has my email address, and it’s a frightening number of companies. To date, I don’t think I’ve reconsented to a single one, mostly because it’s nice to have a clear out but also because the flood of these messages is getting rather silly. The vast majority have arrived in the last couple of weeks, which suggests to me that a lot of companies have been ignoring GDPR until the last minute.
What is also quite fascinating is that the majority of companies are doing this on the advice of a legal team “to be on the safe side” even though it is not actually required.
Alongside GDPR is another law called “PECR”, or the Privacy and Electronic Communications Regulations. These are specifically written to cover areas like electronic interaction and marketing. PECR will sit alongside GDPR for the time being; my understanding is that PECR will eventually fold into GDPR, leaving GDPR as the law that governs all data protection and marketing activities.
Having said all of that, reconsent in and of itself is not a bad thing, as one of the GDPR requirements is to keep accurate data and, with companies’ propensity to hoard contact information, it is a guarantee that a proportion of it will be out of date.
Going forward, using double opt-ins almost becomes mandatory to ensure that the submitted information is accurate. A double opt-in is where a user fills out a form on a website and then clicks on a confirmation link. If you have been using double opt-ins from day one and actively deleting people who ask to leave the marketing lists, then you’re pretty much covered and have no need to get reconsent. Do keep an eye on PECR and changes to GDPR that will surely be coming when the first legal cases reach the EU courts.
Disclaimer: I’m not a GDPR or data protection expert; this is just my summation from talking to people and reading up on data privacy threads.