GDPR is coming! Why the panic?

If you haven’t yet heard of GDPR then you are one of a very lucky few! Businesses are being made more accountable on the collection and handling of our personal data like getting explicit consent for marketing communication. It’s been on the horizon for quite some time. I’ve even been lucky enough to do the terrible training at work – where you are forced to click progress points – before going on maternity leave. With the deadline of tomorrow, this last week has seen a flurry of ironic emails in my inbox asking for consent to continue getting emails! However, I find those informing me of privacy policy updates more irritating.

As a consumer, I’ll be ignoring emails from companies I don’t care about, no matter how attention-grabbing or nauseating the title. Anything to get people clicking the opt-in link I suppose. Though some have sneakily made it an opt-out link – presumably hoping I won’t read the email and stay subscribed! If GDPR achieves nothing else for me, at least it’s given me opportunity to cull a few senders. Next week I’m hoping to wake up to a lighter inbox.

Why the panic? I’m far from an expert but if consent was properly obtained in the first place then there shouldn’t be much to fret about. For those with dodgily obtained email addresses or selling data then GDPR or not, these weren’t good practices!

As a hobby blogger, I’m still subject to the regulation and although it seemed daunting at first, the Information Commissioner’s Office (ICO) website has actually been quite useful. There are self- assessments for the GDPR scenarios a business may find itself like the ICO Data protection self assessment. Unfortunately, as with PPI, there’s a rise of a new breed of consultants, who will charge to make you GDPR-compliant. Might have something to do with the massive fine mentioned on the ICO’s website but there are warning steps before the fine is issued. Large businesses may very well find this service useful or already have the role in place from their previous data protection work. This leaves the small to medium-sized businesses open to exploitation.

What’s been on my to-do list? Figure out how and where personal data is being collected on my blog. Blog comments (name & email), mailing lists, competitions & cookies (IP addresses) are the usual culprits. which is also personal data. Thankfully WordPress has the option to make name & email optional for comments. For cookies, I need a cookie consent pop-up. Also need a privacy policy to inform visitors how their data will be used, which again, WordPress has a template I can tweak to my needs. I don’t run competitions yet and I suspended my email list a long time ago so unless there’s a rogue plugin collecting data then I’m all good for now.

So before rushing to decimate email lists, if the purpose of obtaining data was clear from the start then this may not be necessary. Although some bloggers are using this as a chance to only keep dedicated subscribers. Sadly, the companies that are spamming will probably continue without repercussion. I am yet to get a consent email from those in my spam folder!


Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.