What, No Website?


Tuesday, 22 May 2018 17:18

GDPR Myths

There are many myths surrounding GDPR and what you should and shouldn't do in order to comply. Here we hopefully dispel some of those myths.

The biggest threat to organisations from the GDPR is massive fines

This law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that.

Focusing on big fines makes for great headlines, but thinking that GDPR is about crippling financial punishment misses the point.

And that concerns me.

It’s true the ICO have the power to impose fines much bigger than the £500,000 limit the DPA allows us. It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.

But it’s scaremongering to suggest that the ICO will be making early examples of organisations for minor infringements or that maximum fines will become the norm.

The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick.

Like the DPA, the GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow.

You must have consent if you want to process personal data

The GDPR is raising the bar to a higher standard for consent.

Consent under the current data protection law has always required a clear, affirmative action – the GDPR clarifies that pre-ticked opt-in boxes are not indications of valid consent. The GDPR is also explicit that you’ve got to make it easy for people to exercise their right to withdraw consent. The requirement for clear and plain language when explaining consent is now strongly emphasised. And you’ve got to make sure the consent you’ve already got meets the standards of the GDPR. If not, you’ll have to refresh it.

This has understandably created a focus on consent.

But I’ve heard some alternative facts. How “data can only be processed if an organisation has explicit consent to do so”.

The rules around consent only apply if you are relying on consent as your basis to process personal data.

So let’s be clear. Consent is one way to comply with the GDPR, but it’s not the only way.

We have to get fresh consent from all our customers to comply with the GDPR

You do not need to automatically refresh all existing consents in preparation for the new law. But the GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent.

Where you have an existing relationship with customers who have purchased goods or services from you it may not be necessary to obtain fresh consent.

It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act.

We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them. So think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily.

If consent is the appropriate lawful basis then that energy and effort must be spent establishing informed, active, unambiguous consent.

Taken from: ICO Blog | The Information Commissioner's Office.

Additional Info

Last modified on Tuesday, 22 May 2018 17:26