Quote:
Originally Posted by OLD BOY
Once again, you are failing to grasp the point I am making. Of course personal data should be protected. Where have I said it shouldn't be? What I said was that the obligations of organisations should be set out in law, and not repeated in documentation issued by every organisation. That is efficient and effective and seems to work perfectly well in other areas of law.
By the way, a privacy notice is paperwork, Andrew, as is the millions of letters or emails sent to all service users to say what good, responsible people we are in getting your consent, despite the fact that you already knew why we were collecting your name and address in the first place.
Not every organisation is another Facebook or Cambridge Analytica. Talk about sledgehammers and nuts!
|
I've not said that you've not said it shouldn't be protected. Where have I made such a statement?
The obligations for organisations are set out by the GDPR. But a privacy notice for Facebook will vary from that for a local snooker club, for example. That's sensible, proportionate and not a sledge hammer by any wild stretch of the imagination.
There is legitimate use of customer data, you don't need to get customers' consent if this is the case. If you're sending millions of emails it sounds like you're the consultants' favourite customer and are gold-plating things unnecessarily as your prejudices are overly-shaping your implementation.