GDPR- You May Be getting Illegal emails

GDPR- You May Be getting Illegal emails

On May 25th the General Data Protection Regulation enters into force has caused great confusion in most European companies. Afraid of promised big fines, companies are in a hurry to prepare for the regulation, update the privacy policy, to inform consumers and obtain appropriate consent from them to collect personal data.

Just a few days before the GDPR came into force, the influx of e-mails requesting to leave the user in the mailing list was felt throughout Europe. Unfortunately, experts say that most of these letters are completely unnecessary, and some may be illegal.

Inbox spam

Not all companies are required to re-obtain their consent to store their data. If previously obtained consent meets the standards of the Regulation and is properly documented, new consent is not required. So, if the user agrees to contact him by email. It was properly received by post before GDPR appeared – it is likely to continue.

However, if the company does not have the consent of the obligated user, it probably does not have the consent even to send. the letter requesting that consent in most cases, such senders violate another set of rules – Privacy and Electronic Communications Regulations, which indicate that you should send someone an email asking you to allow email advertising. is misconduct.

In addition, re-requesting the user’s consent to collect his / her personal data is not correct if you are not sure how and from where you received the contact details of that user. Some companies cannot prove that they have the consent to simply not having or lacking evidence of how they have received it.

Disagree - don't talk

According to GDPR, on sites that use cookies, the user should be able to choose which cookies to use on that site and which cookies are not. Since this is extremely difficult to implement technically, Lithuania is spreading a “disagree – don’t go” solution. The site reports that it uses cookies or that privacy rules have been updated. If the user disagrees with this, he or she is simply advised not to continue browsing the site. However, if the user decides to continue browsing the site, this means he agrees with the new rules and the use of all cookies.


The most important aspects of GDPR

Microsoft provides a list of key developments since the GDPR came into force.Personal privacyUsers have the right:access and export your personal data;ask to delete your personal data;ask to correct errors in your personal data;Prevent processing of your personal data.

Control and messages

  • Companies and organizations must:protect personal data with appropriate security measures;
  • notify authorities of personal data breaches;
  • to obtain consent for the collection and processing of personal data;
  • keep records of data processing activities.


Companies and organizations must have provisions that:

  • provides clear information on data collection;
  • indicates why and when personal data are processed;
  • defines the provisions for data retention and destruction.

IT and training

Companies and organizations will have:

  • train staff on best privacy and security practices;
  • checking and updating data provisions;
  • if necessary, hire a data protection specialist;
  • to conclude and manage contracts with eligible providers.

If you are not sure what measures should be taken or what GDPR regulations are applicable to your company, we suggest doing GDPR compliance test.

Also read our next blog post about GDPR.

Back to Blog

Interested? Let's discuss your project

Call us or write us an email and we will arrange a meeting, during which we will discuss your project and our ideas for you.