The best way to make sure your company does not fall afoul of the new GDPR rules is to look at the whole exercise as a way of analyzing, sorting and streamlining data so the information retained makes the company more lean and focused.
Maybe for you the 25 May doomsday deadline for the introduction of the European Union’s General Data Protection Regulation came and went with much the same lack of fanfare I remember associated with the Y2K bug.
I rather enjoyed the month of mild panic that came with GDPR from largely useless companies with very little to offer.
Even though GDPR came out of the EU, it has been accepted by all and comes with potential fines of €20 million ($23.4 million) or 4% of global turnover—of the year in which any breach could be proven—whichever is higher.
Now that we are on the far side of GDPR, our inboxes might be happy not to have two out of every three emails be updates on companies’ privacy policies—many companies you would swear you had never heard of until their emails popped up—or requests for the owners of said inboxes to still be friends.
These emails have not been all the same.
Some contained messages that if you did not opt in, you would not hear from them again—these emails finished with notes that promised friendships would be sullied, hearts would be broken, et cetera.
Others I just ignored completely, thinking that would have the exact same outcome as if I opted out or unsubscribed.
Some “Unsubscribe” URL links led to pages that no longer worked, which surely cannot be a tried-and-tested route to keeping databases content-heavy.
So, many of those companies who bought my data have now spent money for nothing? I do not recognize them this time around, so I am pretty sure I would not have signed up in the original instance.
No doubt I have inadvertently signed up on mailing lists, and that might be much the same thing as having my information purchased. There is not, and never was, a relationship with many of these companies.
But that is also true of other companies whose emails suggest that if I do not reply, then that silence is tantamount to acceptance. These companies presumably would still have data on all of us, data we might not want them to have.
If anyone asks them what information they have, they are obligated under the new rules to state what they have and delete it at your request. But I’m not sure that merely having your information would constitute a breach, as presumably you might have granted them permission either voluntarily or inadvertently, which in this context sounds like the same thing.
Or you will simply drop off their databases—or you did so on 25 May.
There is no standard, it seems, to all the emails we’ve all received.
The current landscape resembles a sodden moor of sinkholes that, I’m sure, will be filled in by legal cases and resultant decisions.
Just hope it’s not you who is the defendant in any case.
Do you think there is a legion of second-year law students itching to submit subpoenas to fulfill their theses on GDPR technicalities?
The only sensible thing I have heard about GDPR—all the way back in December when GDPR was nebulous at best—came from cyber and privacy consultant Moyn Uddin.
“(GDPR) is an opportunity to have organizations really go out and find out what data they have, but not only that, to analyze where they get it from, what they have and why they have it,” Uddin said.
That seems to me to be an eminently sensible idea about anything new and legal.
A housekeeping exercise.
The opinions expressed in this column do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Columnists published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.