The basic principles of GDPR Consent are sound, getting Opt-In Consent and securing client/customer data is the right thing to do. It is easy to write a policy and follow that policy as long as you have no intention of selling your customer’s data to third parties, you will never know your customers well enough to chose who you sell data too.
Personal we would prefer to be loyal to our customers/clients and respect that they have either chosen to consent to allow us to email market to them or to not receive any marketing materials. The down side of this would be not letting them know of business related information like holiday’s, etc, but you can still send them ordinary emails.
The real issue is when you choose to sell your companies customer data, from personal experience if you don’t understand what it is you are really selling then the problems will start instantly, just running an export of name and address is not the answer. Acstede Design helps run three ECommerce sites people buy things and then get them delivered somewhere other than their account address – so selling delivery address that you can’t get GDPR Consent for is wrong.
We have first hand experience of receiving a mailing from a Charity which had our address and a friends name, after the shock how could this combination ever get on to a mailing list, we dug deep. It turns out that the charity brought the data from a company that a friend had got a box delivered to us for them. When you contact each company in turn, there turns out to be a third party marketing data company in-between, they all apologise and say it will be removed, but is that good enough. We think not. Selling Shipping address doesn’t make sense that they nearly always will be without consent. So if you are going to sell your customers personal data then please be very careful and cross check all addresses so make sure you have opt-in consent for each name address combination.
Acstede Design has passed an online course in GDPR Training and done our best to make all our websites compliant by 25th May 2018. We have created contact forms with Opt-In tick boxes for mailing lists, which records opt-in consent and within the policy document that personal data will never be sold if appropriate. We would never stop a client from selling their customer data but now we have first hand experience of the hassle and time it will take to manage all data enquiry requests. We think the original data sell will have second thoughts when GDPR really kicks in.
It starts to question who will sign up to have their personal data sold to third parties? And trusted partners? Who decides?
Now we know why GDPR has been brought in.