GDPR- You May Be getting Illegal emails
Just a few days before the GDPR came into force, the influx of e-mails requesting to leave the user in the mailing list was felt throughout Europe. Unfortunately, experts say that most of these letters are completely unnecessary, and some may be illegal.
Not all companies are required to re-obtain their consent to store their data. If previously obtained consent meets the standards of the Regulation and is properly documented, new consent is not required. So, if the user agrees to contact him by email. It was properly received by post before GDPR appeared – it is likely to continue.
However, if the company does not have the consent of the obligated user, it probably does not have the consent even to send. the letter requesting that consent in most cases, such senders violate another set of rules – Privacy and Electronic Communications Regulations, which indicate that you should send someone an email asking you to allow email advertising. is misconduct.
In addition, re-requesting the user’s consent to collect his / her personal data is not correct if you are not sure how and from where you received the contact details of that user. Some companies cannot prove that they have the consent to simply not having or lacking evidence of how they have received it.
Disagree - don't talk
The most important aspects of GDPR
Microsoft provides a list of key developments since the GDPR came into force.Personal privacyUsers have the right:access and export your personal data;ask to delete your personal data;ask to correct errors in your personal data;Prevent processing of your personal data.
Control and messages
- Companies and organizations must:protect personal data with appropriate security measures;
- notify authorities of personal data breaches;
- to obtain consent for the collection and processing of personal data;
- keep records of data processing activities.
Companies and organizations must have provisions that:
- provides clear information on data collection;
- indicates why and when personal data are processed;
- defines the provisions for data retention and destruction.
IT and training
Companies and organizations will have:
- train staff on best privacy and security practices;
- checking and updating data provisions;
- if necessary, hire a data protection specialist;
- to conclude and manage contracts with eligible providers.
If you are not sure what measures should be taken or what GDPR regulations are applicable to your company, we suggest doing GDPR compliance test.
Also read our next blog post about GDPR.
Interested? Let's discuss your project
Call us or write us an email and we will arrange a meeting, during which we will discuss your project and our ideas for you.