Quote:
Originally Posted by 1andrew1
I've not said that you've not said it shouldn't be protected. Where have I made such a statement?
The obligations for organisations are set out by the GDPR. But a privacy notice for Facebook will vary from that for a local snooker club, for example. That's sensible, proportionate and not a sledge hammer by any wild stretch of the imagination.
There is legitimate use of customer data, you don't need to get customers' consent if this is the case. If you're sending millions of emails it sounds like you're the consultants' favourite customer and are gold-plating things unnecessarily as your prejudices are overly-shaping your implementation.
|
You questioned my appreciation of the value of having personal data, Andrew. I do not misunderstand that.
But you certainly appear to misunderstand the impact of this regulation on small and medium sized organisations if you believe that you don't need to get customer consent to use their data.
I am secretary of an organisation that collects names and addresses simply for the purpose of collecting subscriptions and sending information to our members. That is perfectly legitimate, but we still have to write to all 1000 odd subscribers and get their written consent to the collection of this data, and tell them how we use it, although they already know. We also have to give them all our privacy document.
This is simply unreasonable, short and simple. Apart from the time taken to compile all of this, we have to spend money on printing this lot, and train everyone on their duties under the regulations even though they already comply. We cannot risk a fine for not doing any of this properly.
I think you need to read the regulation again, Andrew, because I don't think you have taken the full implications on board.
Just read the ICO site and consider how a small organisation gets its head around all of this. It's a flaming nightmare. And totally unnecessary to tackle the problem this way.