Power To the People: The Online Companies & the New Data Regulations:

“Good night, Good Night: Parting is such sweet sorrow”. So declared Juliet to Romeo in Act II Scene II of the play by the 17th century English dramatist William Shakespeare. From her balcony in Verona, Juliet also expressed the hope that they would see each other the next morning. It didn’t of course, quite work out like that: The play, after all, is a romantic tragedy. From the deluge of e-mails into everyone’s inboxes in the days prior to May 25th – when the General Data Protection Regulation (GDPR) came into effect – it seems that many companies with an online presence have been in a panic that their relationships with all of us might come to a similarly abrupt end.

In his column for The Guardian on 26th May, the journalist Tim Dowling cited some of the “desperate, begging e-mails” he’d received from “companies keen to keep stuffing our inboxes with promotional rubbish”: “Is this goodbye, Tim?” queried one with some anguish. “”Don’t throw our love away”, beseeched another. This imploring tone was reflected in the last-minute messages being sent out by many other companies: “We’re sorry to see you go!” declared the Wigan-based company, Festive Lights on 24th May “but if you’ve realised that you’re making a terrible mistake, today is your last chance to change your mind”. The D&D London restaurant chain insisted that they were not yet ready to say “hasta la vista baby”. One major retailer proposed that we should “hold hands and be friends forever”. The Great Estate Festival chose a more low-key approach, asking us “nicely” if we’d like to stay on their mailing list.

The Guardian’s former technology editor, Charles Arthur, noted that he’d been receiving requests to keep in touch from companies that had never e-mailed him before. Dowling hailed the 25th May as “a glorious day” and observed that “GDPR may well go down in history as the last nice thing Europe ever got to do for us”. His colleagues on the newspaper, Patrick Collinson and Robert Jones, quoted statistics issued by the consultancy organisation Accenture indicating that, “of the total number of one billion GDPR messages likely to hit personal inboxes by the 24th May deadline”, many would go straight into “spam” and so not receive a response and a third would be deleted by the recipients as soon as they arrived. They pointed out that, although each person in Britain is understood to have about 100 “data relationships”, some small business have revealed that their “reconfirmation rates” have averaged only 10% – which meant they are losing 90% of their marketing e-mail lists.

On 22nd May, BBC News reported that, according to a survey of 906 UK firms conducted by the Federation of Small Businesses, only 8% had so far completed their preparations for GDPR. Furthermore, that about 23,000 organisations had contacted the Information Commissioner’s Office (ICO) for advice since it was set up in November 2017. The Daily Mail commentator, Madhvi Mavadiya, observed on 18th April that the new regulations “have been formulated to ensure that organisations like Google and Facebook follow stricter rules amid concerns over how private data is collected and shared” and to resolve the growing concerns about privacy issues following the recent Cambridge Analytica scandal and the “significant data breaches suffered by the likes of Yahoo! and Linkedin over the past few years”. The Economist magazine believes that the main loser will be the advertising technology industry (ad tech) which has “an insatiable hunger for personal data”.

As emphasized in the guidelines published by the “Simply Business” organisation, GDPR applies to “any businesses that processes the personal data of EU citizens, including those with fewer than 250 employees, and thus they must employ a Data Protection Officer DPO). Individuals now have the right “ to access all of their personal data, rectify anything that’s inaccurate or completely erase all the data a company might have about them, for example, if they have ceased to be one of their customers – hence they have acquired “the right to be forgotten”.

Businesses must ensure that all their suppliers and contractors are “GDPR-compliant”, to avoid being impacted by any breaches and consequent penalties, which , if people’s rights are ignored,could amount (remarked the Daily Mail) “to £17 million or 4% of the company’s annual turnover, whichever is higher – a massive increase on the current maximum fine of £500,000. When a data breach does occur, both the people at risk of being affected and the appropriate data authority (The ICO in the case of the UK) must be informed within 72 hours.

One of the key principles of GDPR is “to require companies not to hold on to personal data for longer than necessary or process it for purposes that the individual isn’t aware of”. Requests for consent must not be hidden in small print but instead presented clearly and separately from the company’s other policies – so “ no more pre-ticked boxes and inactivity is no longer a legitimate way to confirm consent”.

The “Small Business” website has attempted to re-assure its subscribers by stressing that “No one likes having their data lost,stolen, damaged or shared without proper consent” – therefore doing everything possible to protect customers and grow their trust could be a unique selling point and bring in more business. As the UK is still a member of the European Union, the new regulations apply as much here as anywhere else in the EU. The British Government has confirmed that, post-Brexit, it will be introducing its own Data Protection Law which will replicate the requirements of GDPR.








Filed under: Media, Society | Posted on June 1st, 2018 by Colin D Gordon

Comments are closed.


Recent Posts


Copyright © 2019 Colin D Gordon. All rights reserved.