GDPR – Firms Take Matters Into Their Own Hands

The Information Commissioner’s Office is receiving increasing criticism with regard to the lack of information it is issuing regarding the forthcoming General Data Protection Regulations (GDPR).

Broken Promise Causes Untold Time Pressures

The ICO originally announced that publication of its “Consent guidance” would be made in June 2017. It recently became apparent that publication would likely be delayed until the end of the year. This would mean firms have less than 5 months to prepare for GDPR.

It’s a Matter of Consent

Post it notes with the words Compliance, Process, policy and others associated

One of the main areas for concern is that of legitimate interests. This relates to the need for obtaining consent when gathering, using, processing etc. people’s data. Within GDPR, companies will need to prove that they are processing people’s data within one of six legal bases. Legitimate interests is one such base, though it is ambiguous in its legal meaning, hence the issue.

With such stringent rules (and such hefty fines) coming into force around the obtaining of consent, businesses are understandably concerned. They had expected, due to promises made, that the ICO would have published guidance by now. Given that guidance has not been forthcoming, they are understandably frustrated as applied correctly, legitimate interests will remove the requirement for consent in certain circumstances. The problem is understanding what those circumstances are exactly…

Charities Lead the Way

The charities sector has already taken the lead when it comes to bringing their practices up-to-date. An “11 Steps to Marketing Consent” download has been made available to charities via FastMap. The aim is to help charities prepare for GDPR. Charities including the RNLI and Macmillan Cancer Support had a hand in its development. Needless to say, it has been very well received by that sector.

Data Protection Network

Data Protection Network DPN Lgog

With this in mind, a group of companies collectively referred to as the Data Protection Network, has been set up. The group comprises the Direct Marketing Association (DMA), the Voice of British Advertisers (ISBA) and other data protection specialists. The DPN has recently published its guidance as to what constitutes legitimate interests. The aim, much like with the charities sectors, is to assist companies in preparing for the big day.

Companies being warned to brace themselves for a deluge of Subject Access Requests once GDPR goes live. There is clearly the potential for a massive short-term increase in workload. Such pressures, especially when coupled with ignorance (of the law) are a great recipe for disaster.

The DPN Legitimate Interests Guidance can be accessed via their website after registering (for free). To register, click HERE