Many companies are sending e-mails, telling customers about changes in their conditions and data handling, right before the implementation of GDPR.
Artículo disponible en Español | Article disponible en Français
The new GDPR rules came into effect yesterday, 25th May 2018. Companies, for some reason, are only now making the changes needed to comply with the new rules, flooding inboxes with e-mails asking for permission to continue mailing customers or about changes on their terms and conditions.
Ironically, many of these e-mails may be illegal, as they request consent to the user, when, in some cases, that consent is not needed. For example, if a company is handling data from customers such as their e-mail address, and if they already complied with GDPR before the 25th, they do not need to request consent again.
A few medias, mainly US-based ones, have recently been talking about how many US-based companies are struggling to implement GDPR in time, before the deadline. After a quick verification, it seems quite a lot of European-based companies are having a hard-time too, guided with incorrect information from legal advisers or misunderstanding the new rules.
Negative stories have already started to pile-up. Business having to spend large amounts of money to comply with the new rules. Companies outside of the EU deciding to stop supplying their services altogether to European customers. Some websites from outside the EU blocking EU citizens.
But the reality is, all this negativity is needed if we want the consumer to get back some power over its data. And companies had a 2 years timeframe to comply with the new legislation, which should be plenty of time to revise the way they gather, store and use data.
The European Commission has published a statement, as well as linking some interesting material to explain GDPR to users in an easy way, as well as detailed resources for business owners.
More on this subject: