GDPR (niche thread)


The opt in emails are my favourite thing.


so, SO many now


The weird thing with the last one I got was that I could see everyone else that it had been sent to. Doesn’t seem to be in the spirit of things.


jesus. this is what happens when companies that don’t have digital staff need to do something unexpected :///


A reply-all-pocalypse is just what GDPR needs.


the biggest nightmare on my side has been making sure our creaky old database can actually stand up to scrutiny in being secure. it’s been fun, i tells ya


It was from an artbook company!


He won’t be posting much if you give him that much responsibility


I’m mainly using GDPR as a way to trim the flow of spammy rubbish I’ve signed up to over the years.


Free bananas in the kitchen, ideally. (OK it’s internal but if you haven’t seen this, trust me you want to).


Today my employers GDPR project manager who was in the middle of a fairly crucial stakeholder presentation, had a pop up Lotus Notes reminder appear on his screen saying “buy Slayer tickets.” The meeting digressed for ten minutes while the insights director played Reign In Blood so everyone could get up to speed on who Slayer are. It was a moment of surreal respite in the middle of what has been an absolute horror show to get through.



You’re giving me one last chance to RE-subscribe to something that I actively unsubscribed to a while back? Gee thanks guys.



Holy shittttt that’s a definite no-no. Reply and tell them you’re sending it to the ICO, really shit them up.




My feeling is that most companies wouldn’t be able to evidence their previous versions of consent to the ICO if they ever existed in the first place and so are re-sending all of these emails so that they can document it if required. For a lot of these marketing emails I suspect that consent is the only one of the six legal grounds that applies.

The potential GDPR fines are so large once it comes into force that businesses would probably rather commit a technical breach of the law today before GDPR comes into force by re-seeking consent that they can evidence rather than either losing their existing mailing lists entirely or risking continuing to process existing personal data on the basis of shonky/unclear prior consent.

Also, there’s so much guidance circulating and so much of it’s contradictory, very technical or unclear that I’m not surprised it’s being interpreted in very different ways. I’m the DPO for my practice and have had wildly different advice from various parties about how we can legally text appointment reminders to our patients under GDPR. It’s just going to come down to interpretation and documenting steps we took to assure ourselves of the legal basis for it I think.


this. i’ve had so many dickhead colleagues sending me that fucking guardian article triumphantly, as if it renders the process completely null and void. FUCK OFF.


Some good replies here (if you’re into LC!)


I help out a couple of bands and while I’m still clueless as to whether new consent really had to be sought, I’ve used it as an excuse to get them both onto Mailchimp.


Having to do an online course on this boring bollocks

Jesus Christ…