GDPR is 2 years old but who is having the tantrum?

It was interesting to hear that a recent round table review amongst data privacy heads in a number of large businesses thought GDPR was still waiting to find its teeth in the form of major fines.

We don’t know about you but the £198m fine against British Airways and the £99m fine against Marriott Hotels last year by the UK’s Information Commissioner seemed fairly major.

Admittedly for most businesses those issues seem only to be relevant to corporate giants. We agree with that sentiment as in our view Regulatory fines are not the real risk for most businesses.

The real risk for every business is revealed in a £10 billion GDPR class action against Oracle and Salesforce which has been launched. Again, you could be forgiven for thinking, “how on earth is a £10 billion claim relevant to my business,” but it does matter to your business, it really does.

The reason is simple – the claim is based on those companies not being precise, clear and transparent with customers as to exactly what they were going to do with the personal data they collected, and that is a failure of the Privacy Notices they used.

Privacy Notices are crucial to every business, because the Privacy Notice is what gives lawful authority to collect and use that data. Every business needs to have a Privacy Notice. Yours included.

Most of the Privacy Notices we see are nowhere near compliant with the GDPR rules, so all that data is unlawfully collected and that generates the same claims against the business that Oracle/Salesforce are now facing.

The Oracle/Salesforce claim is a stark example that every business needs to know about, that Privacy Notices really matter. Borrowing one from Argos, Marks & Spencer, Barclays or Asda (as many website designers tell us is what often happens – it’s in the metadata) will leave those businesses as wide open as Oracle and Salesforce. The value of the claims may be smaller in absolute terms, but in real terms can still do serious damage to that business.

In our view it is the staff in the business who have responsibility for GDPR compliance who need to be having the terrible tantrums, to get the funding and resource they need to protect the business. Throw everything out of the pram to get your way, don’t leave the dummy in (charge).

For more information and support please contact our GDPR Specialist:

Ian Sinclair-FordGDPR Specialistian.sinclairford@glenvillewalker.comT: 0151 305 9650 | M: 07786 394 679