Fake news in GDPR: the risks and consequences of assuming them as true

Discuss my database trends and their role in business.
Post Reply
Md5656se
Posts: 13
Joined: Sun Dec 22, 2024 3:38 am

Fake news in GDPR: the risks and consequences of assuming them as true

Post by Md5656se »

What follows is a personal compilation of the main messages I received during this time from confused and distraught clients that I have had to clarify continuously and repeatedly.

If you are one of those who still does not understand, here you will find most of the answers.

As long as informing my list is sufficient, there is no need to ask for consent again.
Consent has been the most critical point for companies and professionals, the most controversial and the one that generated the most myths and false beliefs.

It is logical that this legislative change poses a huge headache.

The GDPR requires that a legal basis be established to legitimize the processing of personal data, and in the case of people linked to our brand who are not customers, this legal basis cannot be other than consent.

There were also companies that went too far and asked for consent when philippine area code they did not need it, such as those that sent revalidation emails to customer lists, but, in general, the majority preferred only to inform or use incorrect formulas to request consent.

In the blogging world, subscriber lists are sacred "The Money Is In The List"
It takes a lot of effort to build a community and the GDPR requires us to revalidate the consent of each of these leads. This implies a real carnage that is not easy to digest but, although we do not like it at all, the truth is that each lead whose consent we cannot prove becomes a real " lead grenade" that can explode at any time.

We know that consent “is any manifestation of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns him or her.”

We also know that the GDPR gives another dimension to consent that affects not only the records we are going to capture from 25M onwards, but all previous processing and, therefore, all the records we have on our lists and where we cannot establish another legal basis for the processing, such as legitimate interest or contractual relationship.

So, a subscriber who is not a client must give us their consent, there are no nuances.

Image




Sending an informational email is completely ineffective when it comes to proving the user's valid consent under these new requirements.

Many campaigns that have been launched in bulk recently have been based on this false belief and others have resorted to trickery:

"If you do not unsubscribe, I assume that you agree to remain on my list" is what we know as consent by omission , something that is clearly prohibited in the regulation itself in its Recital 32.

The GDPR says the following about a clear affirmative act or statement: “This could include checking a box on a website, choosing technical settings for using information society services, or any other statement or conduct which clearly indicates in this context that the data subject accepts the proposed processing of his or her personal data” so “silence, ticking of boxes or inaction should not constitute consent.”
Post Reply