I really didn't want to write a blog about GDPR as everyone I know is fed up with it but my experience this evening has made me wonder whether anything has actually changed.
For the last few weeks I have been receiving emails telling me I had to opt in, emails telling me I had to opt out and privacy policies from businesses I don't have anything to do with. I have read a fair bit about GDPR and, like other small business owners, have done what is right for my business. I know I am not the only one who has had enough of reading about it, hearing about it and doing it. Most small businesses were already protecting personal and sensitive data anyway and many do not bombard everyone they have ever met with emails or newsletters.
One of the things I grasped from GDPR is that you can only collect and retain personal and/or sensitive data which is necessary for a particular task.
Surely this doesn't meet the new data protection regulations? The new regulations are about only collecting the information that you need. Paypal is a payment service and has no need of my phone number and therefore shouldn't be collecting it. I know small businesses have been working very hard to meet the GDPR requirements and doing the best they can with limited resources but large organisations seem to continue to be doing things which don't appear to be in line with the new regulations.
Has anyone else experienced this?
Many years ago I entered for a business award. I could not enter unless I added my phone number - and it had to be a mobile number. I could not enter my work landline which would have been the more sensible number to contact me on. After that I received frequent PPI and other annoying sales calls to my mobile. My number had very obviously been shared by this organisation. It is much more difficult to opt out of these phone messages than it is to unsubscribe from emails.
Today I was called 3 times by the same company within the space of an hour. I asked where they had got my details and they said from Google. Businesses need to provide their contact details online in order for customers to reach them but sales calls and emails will no doubt continue because our details are available for anyone to use for cold calling and emailing.
I am hoping that, as GDPR beds in, businesses will begin to review the information they request and start limiting what they ask for to just what they need and that hopefully these cold calls will begin to get less.