
GDPR Help! I think I’m getting paranoid!

Tagged with gdpr, ico, data, textmarketing, sms, free, freeadvice, bulksms, gdprtemplate
by Adam Brogden
in Blog

19-Dec-2017 13:08

GDPR is really gaining momentum with umpteen companies, consultants, and products appearing that will help companies get through the GDPR challenge. However, despite spending hours reading documents, watching videos, and studying blogs I am still concerned. The biggest issues I think are around:

Legal Basis for Processing – there is a huge amount of discussion around this topic. Legitimate Interest seems to be favoured by many people; however, the ICO guidelines are so vague – the onus is on the company to document and be able to prove that this is a reasonable approach with no detriment to the subject, but without specific criteria on which to base your decision. Looks like a risky area, although I accept that a number of people think that this is clear-cut and that I might be just getting a little too paranoid. Maybe we’ll only find out when the ICO take enforcement action against a company using this approach.

Granular opt-in – so, assume you are going for consent, when you present your form to the data subject just how granular is granular? Can you say, ‘We will send you account updates, support info and other offers’ and accept an opt-in in one check box – or is this not granular enough and you should really give the subject the option to opt-in to one or more of these topics? Maybe this depends more on what you want to allow the subject to be able to opt-out of?

PIA – what is the required content of a PIA? There is a very useful document on the ICO web site, but this is way beyond what most companies can handle. Is there a simpler PIA or a different way to do this?

Data Flows – as per the PIA – mapping data and data flows is complex. I’ve not been able to find a site / product that helps in this area. Data flows are again pretty fundamental, and without them the PIA is impossible and the definition of processes is tricky.

Am I getting too paranoid about this? I want to complete GDPR preparations and be 100% compliant but with so much uncertainty I can’t see that this is possible.

The ICO has a pretty fierce enforcement regime and, with the emphasis on companies being able to prove that they have taken reasonable decisions against uncertain criteria, I think I am rightly concerned.

How are you all feeling? Maybe I just need a holiday!

Good luck all!