

GDPR myths


Gavin Scruby, CIO at SmartDebit 

The General Data Protection Regulation (GDPR) is almost here, and we are seeing its effects work their way into everyday consumer life. Whether it is in our email inbox or on a social media platform, we are being prompted to review new privacy policies and give our consent to receive emails. The feeling of confusion among both consumers and businesses is real and powerful. The media is having a field day with GDPR-related stories, while others may be benefiting from providing additional legal consultancy. It is indeed a complex regulation, though, so the confusion is understandable. Many businesses – especially smaller ones that can’t afford compliance staff or don’t have legal teams – rely on advice given to them by consultancies that may not be entirely as expert as they portray themselves to be. Be very aware. Indeed, this article itself shouldn’t be seen as official legal advice. It is worth evaluating, however, the actions that are being taken as a result of GDPR myths.

Myth or fact?

Dr Gavin Scruby CIO SmartDebit


Some businesses have gone to the extreme of wiping out entire mailing lists to reduce the risks associated with data, as in the Wetherspoons example. Is this really necessary for GDPR compliance? The simple answer is no. Businesses do not have to start from scratch in order to be able to send communications or marketing emails to their customers. What happened in this case is that the business in question (Wetherspoons) took the business decision not to use email as a method of keeping in touch with its customers. It decided that it does not want to hold any customer emails in its database. Although we cannot know exactly why it did this, it could be because it is unsure whether it received clear consent to contact those email addresses; it does not want to risk being fined if a data breach takes place or mass emails are sent by mistake to customers.

Business-wise this could make sense for Wetherspoons, as its brand is so strong that it may not necessarily need to use email marketing as part of its strategy. Understandable of course, but it also shows a lack of confidence in a company’s existing data protection controls. GDPR is not a huge extension over the Data Protection Act, which people should be following already. If you handle large amounts of data and you are not sure where it came from, then going down the Wetherspoons way may make sense for your business; nonetheless, deleting all your data and starting from scratch is not what GDPR is about.

Getting fresh consent from your mailing list is another popular action, and one that is overflowing our email inboxes. Although the GDPR sets the bar high for consent and it is vital that you check your company’s records to ensure your existing consents meet the GDPR standard, obtaining fresh consent from all of your existing customers is not a GDPR necessity. If your mailing list consists of customers with whom you already have an existing relationship, who have either purchased goods or services from you, then it may not be necessary to obtain fresh consent. You also have to think twice before emailing your customers a long, complicated email about opting in. Is the text easy to understand? Is it long? Do you have a mechanism in place for subscribers to unsubscribe? You may risk non-compliance anyway if the email is difficult to follow and the information is lost in a long email. Your customers need to be able to clearly understand what they are consenting to.

It is also vital to remember that consent is only one of the bases on which you are legally allowed to process data. There are six lawful bases under the GDPR: 1) consent, 2) contract, 3) legal obligation, 4) vital interests, 5) public task, and 6) legitimate interests. During your preparations for GDPR, you will have had to understand why and how you are storing and processing data and identify which legal basis applies to your business. Therefore, if your business already has a contractual legal basis with your customers, and that includes emailing them notifications about a service they have signed up for, then you may not necessarily need to get fresh consent to contact them, even if you want to offer a further service to them.

GDPR will evolve in practice, if not in word

Just as GDPR is building on previous data protection laws, GDPR will also evolve over time. This will apply to how the law is interpreted when court cases take place. We just don’t know yet how case law will be applied. Nevertheless, just as the interpretation will evolve from court cases, your business will also need to evolve continually with the GDPR. You can’t just do the preparation, say you are compliant and sit back. The processes put in place due to the GDPR will have to be followed and adhered to. Just as with your preparation for implementation, you will have to:

  • Know where your customer data is stored, and why
  • Know how you store that data and how it is protected
  • Be able to correct, and delete, the data if needed
  • Delete any data that you identify as not being used
  • Review third parties processing your customer data
  • Be able to prove all of this with evidence.

If you have these checks and balances in place, then being compliant with GDPR will be far easier throughout your business’ journey with data protection.

Don’t let the law scare you. Take advantage of it to help you provide better customer service. People want to feel empowered and that they are in control of the personal information that companies hold about them. Being transparent about data protection, and following GDPR laws, should confirm that you are doing the right thing. This will be more to the spirit of GDPR than any box-ticking compliance regime, and will serve you far better with your customers.

Global Banking & Finance Review

