|
11 Apr 18 - 05:52 PM (#3916657) Subject: Tech: Data Protection Act UK From: Tattie Bogle So what is everyone doing about this? New DP Act coming into force in the UK on 25th May: so now everyone has to renew consent to be on an email list and have any of their personal information held. I have already had emails from a number of non-music organisations who hold my email address, requesting permission to continue sending me emails. This potentially has implications for evety folk club and other music organisation in the land, so how is everyone dealing with it? I made a start tonight, sending an email to all on an e-list of small club of which I am a committee member, only 52 on the e-list, but I have other lists of 200 or more. 12 responses so far, which is not bad for a couple of hours, but then one telling me I'd got the wording wrong!! HELP!! Is there a fail-safe standard format? Also, for some of these small clubs, I guess people send from their own personal email address: is it now incumbent upon us to have all data in a more anonymous club addresses email? |
|
12 Apr 18 - 01:31 AM (#3916714) Subject: RE: Tech: Data Protection Act UK From: DaveRo For anyone, like me, who knows little about this the new regulations are called the GDPR, which supersedes the UK Data Protection Act https://www.eugdpr.org/ |
|
12 Apr 18 - 03:29 AM (#3916723) Subject: RE: Tech: Data Protection Act UK From: Acorn4 I've always used "Blind Carbon Copy" up to now so recipients can't see who else is on the mailing list but I think that won't be good enough after May. |
|
12 Apr 18 - 04:12 AM (#3916737) Subject: RE: Tech: Data Protection Act UK From: GUEST,nickp (cookieless) Involved in this at work where it is veryt relevant but also indirectly involved with a small music association who are struggling. Not helped by the lack of sensible info for small orgs etc. To be fair, 'our' scenario is unlikely to be too much of a worry for the powers that be but I don't think that is a good excuse and the idea of multi-million fines is a worry. We use Mailchimp for our notifications (it has subscribe/unsubscribe options) and the only solution I can think of is to send out a 'final' message saying that the list is about to be cleared (i.e. immediately after sending) so you will need to resubscribe and giving a link to do that. It's a great idea (I guess) especially in view of recent data misuse (!) but it is disproportionate for us 'minnows'. |
|
12 Apr 18 - 09:49 AM (#3916811) Subject: RE: Tech: Data Protection Act UK From: GUEST The perverse thing is that you may now need to hold more personal information as you will need to be able to match each address on the list to the actual consent. Before you could get away with simply having a straight list of email addresses without matching them to people's names. |
|
12 Apr 18 - 11:51 AM (#3916856) Subject: RE: Tech: Data Protection Act UK From: GUEST,Morris-ey GDPR changes nothing, really. If you complied with the 1998 Act, you still do. Don't panic, don't employ consultants. |
|
24 May 18 - 06:21 PM (#3926929) Subject: RE: Tech: Data Protection Act UK From: Tattie Bogle So here we are, on the eve of the new (European) legislation coming into force, and very confusing it has been! No standard format: as many different versions as there are organisations it seems. The essence of the law seems to be CONSENT, but many organisations are getting round that by, instead of asking for consent for info to be held, and emails to be sent, just using "implied consent" - i.e. "do nothing and you can stay on our list". And there are a couple of companies who email me almost daily, who have said nothing at all about GDPR or "reviewing our privacy settings". For those who require an "opt in" I have simply not replies so that I will effectively be unsubscribed. The ones that really annoy me are those who either have no unsubscribe button or who ask you to "log into your account" (non-existent)"if you wish to unsubscribe". What a mess! |
|
24 May 18 - 06:40 PM (#3926932) Subject: RE: Tech: Data Protection Act UK From: Nick It's just about how people USE data and being transparent about it I don't actually at the heart it is any more complicated than that I have an issue with yahoo who I've loved for 20 years (OATH now and the privacy thing was do you want to opt out of the 300 affiliates one by one - Pain in the bottom) otherwise you accepted and opted in to ALL the affiliates. Apart from that . It's all last last minute and they've all done their due diligence and most people couldn't give a FF The company i worked for apparently spent 6 months to a year on this - but they are a jolly big marketing company I think in its simplest thing is - am I transparent about what I have that you gave and what i hold. And do you have the chance to change that. A much cleverer friend who used to work with always used to say me - how do i know that I have been deleted? How can you check? Therein lies madness of course |
|
24 May 18 - 06:52 PM (#3926933) Subject: RE: Tech: Data Protection Act UK From: Tattie Bogle Well, I've done my wee bit for our list of 50+ members, and received 40 opt-in replies after a bit of nagging, 2 opt-outs, and 10 no replies, who will therefore be deleted. (Not been seen dead or alive for years anyway!) Been hanging around waiting for directions from parent organisation for what to do about another list of 200+ people that I hold: now,at the 11th-hour + 50 minutes, they come up with a super-lengthy spiel, which basically says "Do nothing and you stay on the list". Just AAARRRGGHH! |
|
24 May 18 - 07:39 PM (#3926939) Subject: RE: Tech: Data Protection Act UK From: Nick It's the 25th - you can't contact them And you probably didn't need to |
|
25 May 18 - 02:34 AM (#3926962) Subject: RE: Tech: Data Protection Act UK From: Bonzo3legs It's a compete pain in the neck |
|
25 May 18 - 05:46 AM (#3926992) Subject: RE: Tech: Data Protection Act UK From: Johnny J It's a bit of a minefield although I think many small organisations are maybe worrying about things unnecessarily. I've received communications from group such as Scots Music Group, EFC plus various musci artists and organisations which is fair enough but how do we stand with lists for subsidiary groups of such organsinations? e.g. a Tuesday morning class at SMG for instance, Ceilidh Caleerie, my local Strathspey and Reel society and so on? For instance, many of us have sent personal e-mails to people on some of the lists. Should we continue to do so without permission? As far as I recall, neither Tattie Bogle or myself have exchanged personal e-mail addresses although we have communicated privately on quite a few occasions but the contact details obviously came from a list somewhere. So will we be technically committing an offence in the future unless we formalise things? I've also got "lists" lying dormant on my system from various organisations I've been involved in, sometimes (not all) in an official capacity. I guess I should be deleting all of those now whether I intend to use them or not. Or does the spirit of the law really just apply to large organisations and commercial companies? |
|
25 May 18 - 06:02 AM (#3926997) Subject: RE: Tech: Data Protection Act UK From: Johnny J On another note, I'm surprised there hasn't been much in the way of scam e-mails exploiting this GDPR thing.... i.e. asking you to click on links to confirm that you wish to stay in contact. I've been very careful about clicking on the links to "opt in" in view of this risk and have tried to make sure the organisation was genuine. |
|
25 May 18 - 06:23 AM (#3926999) Subject: RE: Tech: Data Protection Act UK From: Jos Half the emails say I have to opt-in/give consent. The other half say the fact I am on their list shows that I have already given consent. I think the problems arise for the holder of the details if those details get into the wrong hands, which can result in a prosecution for negligence. This applies to details that are held legitimately, with the consent of the person whose details are held. |
|
25 May 18 - 06:35 AM (#3927001) Subject: RE: Tech: Data Protection Act UK From: Tattie Bogle Just to reassure Johnny J, the Tuesday am SMG class HAS done a "confirm/opt in if you want to stay on the list". But as he says, many of us involved in clubs, classes, etc will hold current and older lists, complicated by the fact that many of the people on the lists are personal friends, and you may have known them and had their email address long before any list was set up, so where do you draw the line? Can you remember how you acquired every email address in your contacts - as a personal one, or to go on a list? As for my list of 200, that refers to events that we organise two or three times a year, so I can't just delete them all and start again. Those who are on it gave their e-addresses voluntarily. Rarely, if ever, has anyone asked to come off the list, although that option has been written into previous emails sent. |
|
25 May 18 - 08:08 AM (#3927025) Subject: RE: Tech: Data Protection Act UK From: Johnny J Thanks, I vaguely remember getting an e-mail re The Tuesday class but I don't know if I went to the trouble of opting in or not. I'm not longer in the class but there was still useful info from time to time re house concerts and so on. However, there are many similar such lists where I've not been contacted. Again though, I'm not unduly bothered. Another thought. I have inumerable historic e-mails(sent and received)which aren't on my home system but still accessible remotely. Quite a few of these will have lists of addresses, possibly on pdfs/word file attachments and so on. Also, from the times when "blind copy" wasn't used. Do I have to track these down and delete them from my e-mail provider's database too? |
|
25 May 18 - 08:23 AM (#3927026) Subject: RE: Tech: Data Protection Act UK From: Nick I had a scam ebay email this morning |
|
25 May 18 - 12:08 PM (#3927074) Subject: RE: Tech: Data Protection Act UK From: GUEST,Peter You only need to be sent an "opt in" email if the sender doesn't have a GDPR compliant audit trail back to your original request. However with the confusion over the whole thing some people are requiring opt-in anyway. Another thing is that I am getting requests from people who hold no personal data about me. My working email address is jobtitle.businessname and as long as they only have my job title and not my name on record it isn't covered by GDPR at all. |
|
26 May 18 - 08:32 AM (#3927224) Subject: RE: Tech: Data Protection Act UK From: Howard Jones Guest Peter, if your working email address links to you as an individual (rather than being shared by a department) then it is personal data. Even if it doesn't identify you directly you could be linked back to it from other sources. |
|
26 May 18 - 08:30 PM (#3927284) Subject: RE: Tech: Data Protection Act UK From: GUEST,ripov If you're getting emails from an organisation they obviously do have information about you. There is a lot of trading in our data that's been going on behind our backs for years. From what I've seen the only difference GDPR will make is that organisations have to tell us they're doing it. Usually buried somewhere underneath the list of marvellous possibilities engendered by letting them know your email address. |