There has been a lot of news about the new General Data Protection Regulation (GDPR), and it seems that every five minutes we receive a new email from someone telling us that they are now GDPR compliant and/or that they need us to opt in to their mailing list, even from companies that we had long forgotten about. We at CritchCorp Computers Ltd have also undertaken this endeavour recently: we carried out many internal assessments to ensure that we are compliant with the new laws, updated our privacy policies and the like, and sent emails to everyone to ensure that they know about it and have the opportunity to opt in, as required by the new laws, to our mailing list for Alerts, News and marketing emails.
We started looking into it in a serious way a few months ago and realised that, whilst it was very similar to the UK data protection laws already in place, there were some significant differences; differences that we had already been trying to incorporate into our business anyway. That is, your data is yours – always. To this end we have never been fans of sending mass emails, because we could never really be sure that everyone receiving the emails would want them, so we didn’t. We instead used social media sites such as Twitter to send notifications to our followers that a new Alert, News article or promotion was available on our Blog. Unfortunately, the big social media sites care less about security of personal data and more about profit, so some years ago we stopped using them too. This has caused some clients to complain about the lack of communication.
The biggest part that will affect many companies and the way they do business is one of the things we hate most anyway: spam and bulk/mass mailings. We have some magnificent spam filtering technologies that we use and offer to our customers in order to keep them safe and their inboxes free of unwanted bulk and unsolicited emails. The new laws, which come into effect on the 25th May 2018, will make it harder for those companies that rely on getting names and email addresses from third parties in order to send marketing emails. Whilst some of these lists have been honestly and reliably obtained with the consent of the person giving it, most have not; they are harvested from websites, stolen emails and stolen databases, which can be sold on dozens of times to other list makers who combine them to make new lists. This means that your email address can be sold on several different lists, and opting out of the original list will not get you out of the multiple other lists. Any company doing business in or with the EU from 25th May 2018 will not be able to use these lists unless it can prove that it has permission from the person who owns the data (that is to say, the owner of the email address and name, not the list owner). The list owner must keep a record of the permission given by the data subject, with evidence. That is because personal data is personal. Your name and email address, and everything else personal about you, is your data and you own it. No one can see or even store that data without your say-so anymore. There are some obvious exclusions; for instance, if you buy a domain name, then you are required to hand over your personal data, such as name, billing address, etc. This is required by the contract between you and the registrar (us) and will be shared with the registry; it can’t work without it.
In the past, much of this data about who had bought a domain name and how to contact them was available online; this will no longer be the case. This brings us to a point that will be covered in a new posting soon: you need to ensure that your domain name data is up to date, because it will become next to impossible to recover your domain after the 25th if your data is out of date and you lose access to the recovery email or don’t know what it is. (More about that in a later article.)
There are much stronger penalties for companies and individuals who break these laws: up to €10 million or 2% of global turnover, whichever is the higher. That is probably the single biggest motivator for all these companies to finally start taking your data protection seriously. We have always been advocates of security and do our best to keep things secure. The new reporting obligations under the new laws are also scary when you look at them for the first time. For instance, if the postman comes in to deliver a letter and happens to look at the screen whilst you have a customer’s details on it, that is a data breach and needs to be reported to the ICO. There are greater penalties under the new law, so you must keep the data of people (data subjects) safe, and people have the right to have their data kept safe. If you use personal data then you must have a lawful purpose to do so and the permission of the person to use it; furthermore, that permission can be withdrawn at any time in the future. This does go somewhat above what is currently required by the law. There are also specific rules for reporting and disclosing data breaches, for example from being hacked and having your database stolen.
As a result of our not using social media, customers have been complaining about the lack of communication about new products. So, while we were getting ready for GDPR, we revamped our website, incorporating the old blog into it and ensuring that we have all the tools set up to inform those who want to be informed and leave alone those who don’t. We will now use the mass mailing technology that we have for sending out Alerts, News and special offers, at least to point you to our News pages to read the full story or get the full details of the promo codes. You will now definitely only receive emails if you want them, and as we are not using the big social media sites anymore, you can be sure to get as much as you want from us and no more. You can always drop by the news pages to get informed without invitation.
GDPR gives you more freedom to have your data removed, with the right to be forgotten being the biggest amendment going in this section of the regulations, which comes from the Google case in the European courts. You have the right to have old and out of date data removed from searches in search engines such as Google, Bing, Yahoo, etc. This was of course somewhat catered for under the existing UK Data Protection Act in that all data that was held about you had to be correct and relevant and not held for longer than is necessary. If it was not correct you could have it corrected. The new GDPR should make it easier as well as extending these rights to have information you deem not relevant or damaging removed from certain places or views.
On the whole, people should feel safer about getting their data back, and the hope is that you will not receive as much spam as you have done. The problem is that the bad guys don’t really care about the laws (that’s why they are bad guys), and they will probably still send you emails that look like they come from someone else, so you will still need to keep your guard up and check that the email you received is actually from the person it says it is from.
We opted everyone who hadn’t specifically said ‘yes’ to being on our mailing list out of it, so if you want to receive Alerts, News and marketing emails (which we don’t send too many of) then you need to log in to your account and say yes to receiving them. Remember, you can always opt out again if you want to; hopefully everyone will be doing this from now on. Opt Out by default is the law from the 25th May 2018.
We are GDPR compliant.
Surf safe and stay alert, they are still watching you.
CritchCorp Computers Ltd