I’m sure you have received them too. Tons of annoying emails where companies or organisations are explaining to you how they value your privacy, and that because of the new GDPR directive from the EU, they are asking for your consent to continue sending you emails.
Yes, there is a new directive that will soon be put into action. The original date was on May 25th, but it’s now been postponed until June. However there was most likely no need for the company to send you an email asking for your consent. In fact, these emails are most likely illegal and a violation of both GDPR and privacy rules that already are in effect!
In an article in the Guardian, Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, says that businesses are not required to ask for your consent. They already have your consent because of the existing 1998 Act, which was made in preparation for GDPR.
Also: Consent is just one of the six legal grounds under GDPR. The others are contract, legal obligation, vital interests, public interest and legitimate interests.
In addition, recital 171 of the GDPR makes it clear that you can continue to rely on any existing consent that they already had from you, which you gave them by signing up in the first place. There is absolutely no reason to ask for your consent again. All an organisation has to do is to make sure the consent met the GDPR standard, and that they are properly documented.
In short: You have received tons of unnecessary annoying emails for no reason other than a lot of consultants wanted to make a shitload of money by preying on the misguided fear that companies could be fined insane amounts of money. Naturally these companies wanted to cover their asses.
Not only that, but by emailing you these GDPR emails, the sender will most likely be breaching the rules set by the Privacy and Electronic Communications Regulations, which makes it an offense to email someone to ask them for consent to send them marketing by email!
To quote Vitale: “If the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email you to ask you to give it that consent.”
On the positive side, if you just ignore these emails and don’t click on any of the links in them, you will not receive more annoying marketing emails from the companies that sent them to you…
1 thought on “Why the GDPR Emails You’ve Received in the Past Weeks Probably Are Illegal”
Admiring the hard work you put into your site and in depth information you present.
It’s great to come across a blog every once in a while
that isn’t the same out of date rehashed information. Great read!
I’ve saved your site and I’m adding your RSS feeds to my