Great news!!! Most organisations were already compliant with GDPR. Not that that stopped a lot of organisations going quite bananas over it (though not, predictably, the ones who were illegally buying my contact details and then illegally using them to spam me with (at best) grey legal marketing, gambling and dating "opportunities").
I'm going to quote my personal favourite notice here, because it's brief, to the point, and covers all the necessary:
Organisations have different approaches. [Redacted] is proceeding on the basis that people who have already signed up to receive our newsletter might reasonably want to continue to have it sent to their email addresses. This is referred to as relying on processing on the basis of 'legitimate interest'. As always, we will include a link to allow you to opt out of receiving our newsletters at any time.
This, plus a pretty picture, was an elegant sufficiency. But so many went down a different path. And here, in reverse order, are my GDPR email top of the flops:
- Three paragraphs of whingeing about the GDPR. I understand your woes. I feel them, having been to two briefings, one meeting, a compulsory e-learning and numerous informal chats on the topic this year. But if you're struggling so hard with the concept of data privacy perhaps your organisation is, I don't know... the kind that doesn't do that kind of thing? Newsflash: these organisations exist and they send out LOADS of email, all the time.
- Four increasingly needy emails in a row, three after I'd updated my preferences. Can it, Janet, I already said yes.
- A link to update my preferences, that led to a form to input my information again, which you already have, or you wouldn't be contacting me. For heaven's sake, do we know each other or not?
- A link to update my preferences, that led to a form to input my information again, which you already have, which then returned the error message "[redacted] is already subscribed to this list". I know that, you know that - but will ~~you still love me tomorrow~~ I still get your emails after 25th May?
- And in top place, standing out as a true beacon of practice in this area: An email explaining that the list you were subscribed to is being closed and you need to subscribe to a new GDPR-compliant list. On click-through, this form is asking you for a lot more personal information than you had previously shared with the company; it also has autofill disabled and a CAPTCHA that will not load in your (only very slightly slightly flaky) browser. Two browsers later, and the problem is still not resolving on desktop. Entry via the iPad (why is so much design still iPad-first?) finally loads the CAPTCHA - it's the notorious picture-style which drops into its usual round of fail. I wrestle the CAPTCHA to a standstill ... and the form crashes.
Never mind, eh.
There has been some really lovely practice in this area too - friendly checks, information pre-loaded, tidy forms, pretty design. Just for balance's sake, you understand.