June 13, 2018 at 10:52am
Holy Catfish Batman, that GDPR post went a bit nuts!!
It seems it struck a nerve, which is good, because this whole “you must reconfirm” nonsense is really starting to hack me off now.
If you didn't read the last blog post, go read it now, it will improve your life in ways you didn't think possible: http://www.ph-consult.co.uk/blog/gdpr-chill-out-we-got-this
After writing that, I was going to create “Part Two” which would have answered a bunch of questions that people asked me since publishing it, but the ICO yesterday released a blog post that backed up what I was saying!
I couldn't let that pass, so here's my take on it.
Right, on with the show!
The ICO wrote a blog…
For those that don't know, the ICO are the “grande fromage” of the data protection world in the UK.
They're the ones who are regulating GDPR for us Brits, and who will send round the spies to put a bat up your nightie if it turns out you're not doing things right.
And, because they're humans too (hard to believe, but it's true), they've also been receiving those goddamn annoying emails from companies saying “because our evil overlords have decreed it, we must ask you to opt in again”, and so they've written about it.
But here are the highlights together with witty comments and the odd swear word.
The myths of GDPR…
The blog explains in two sentences what I've been banging on about for ages:
Some of the myths we’ve heard are, “GDPR means I won’t be able to send my newsletter out anymore” or “GDPR says I’ll need to get fresh consent for everything I do.”
I can say categorically that these are wrong, but if misinformation is still being packaged as the truth, I need to bust another myth.
You read that right, they're saying that it's a myth that you need to get consent again for everything you do.
They go on to say…
We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them. So think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily.
I hear that, brother!! (or sister…)
In another paragraph they say this:
It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act.
OK, so here's what this means:
Many people are sending out emails to people asking to re-subscribe. By sending out that email they could be in breach of the act because they're admitting they don't know how they signed up in the first place!!!
By sending out that email, they're in breach of the act!!!
Yes, it's legal roundabouts and you're unlikely to be caught out by it, but seriously, the advice that some consultants are giving is just plain nonsense!!!
Here's a very important bit of information from the ICO blog:
…don’t forget to put in place mechanisms for people to withdraw their consent easily.
Your customers are (mostly) not stupid
If you have an option to sign out of your newsletter on the bottom of each email, then you're probably going to be absolutely fine.
That's assuming your mailing software is good enough to make sure that people who click it are unsubscribed straight away and can't be manually added again.
All the popular systems do this; Outlook blind copying doesn't.
Your customers know how to unsubscribe. If they want to, they can do it easily.
Here's what the ICO says on it:
Organisations risk non-compliance if their emails are difficult to follow and key information is lost at the end of long text – people must clearly understand what they are consenting to.
That's pretty simple.
So we can begin to put together a scenario of when I could end up falling foul of GDPR when it comes to mailing lists:
What might happen if you ignore unsubscribes:
You send out an email to your mailing list explaining about some amazing offers you've got going on.
Mr Recipient reads it and then clicks “unsubscribe”.
You ignore his request and keep sending him emails!
Mr Recipient gets angry and informs the ICO who tell you to STOP!!!
OH NO! Because you're an idiot or something, you keep sending him emails!!
Stop it already!
The ICO get really angry and fine you a gazillion pounds. The resulting bad press means you have to move to the moon or worse ...
That's a bad thing to do, you'll get a slap. You probably won't get fined, the ICO will likely be in touch and say “your processes suck, fix them and apologise to the people you've pissed off.”
If you then ignore this and send 200,000 emails to people who have already unsubscribed, you'll get a kick up the arse and you might then get fined.
Good, you suck.
Here's something else that might happen, this time without the fancy (ha! Fancy??!) graphics:
You send out an email
The end user can't remember signing up so reports you to the ICO:
“Hi, ICO here, how can I help?”
“I received an email from someone and I can't remember signing up, please fine them 17 million pounds”
“Err, OK, is there an unsubscribe link?”
“Click that and chill out.” <click…brrrrrrr>
The ICO will use common sense, which means everyone else should, too.
Part three coming soon…