Why GDPR is FUBAR

By Chas Rowe

 


GDPR: like trying to understand the Kennedy assassination. Photo credit: Jesse757

The EU’s GDPR (General Data Protection Regulation) is like the Kennedy assassination: everybody’s got an opinion about it, lots of people claim they’re experts, nobody seems to be right, and we may be destined to debate it forever.

And like the death of America’s 35th president, to me at least, GDPR has been a big, bloody mystery, that’s left a hole in my head and my brain falling out.

You’d think that laws should be unambiguous. Hold your mobile at the wheel and conduct a phone call? If caught, that’s 6 penalty points and a £200 fine. Simple.

The new EU data law that streamlines data protection for citizens of member states?

Well, it’s a bit like asking “what does the EU Commission do?”, “why is the European Parliament in two places?” and “what is the point of Jean-Claude Juncker?”

Most people don’t really know.

Search Me

Not even the oracle of all human knowledge, Google, could help me with understanding how I should comply with this new set of laws.

I did several searches. I looked at countless blogs about GDPR – some from voiceover artists, some not. I also consulted GDPR videos on YouTube.

Rarely was there any consensus on what, as a sole trader, I should actually be doing to ensure compliance, even if the person relaying the information seemed confident, professional and authoritative on the subject.

I’ve also had several conversations about GDPR, some of those with my peers, others not, and one with a GDPR “ambassador”.

Some of my colleagues have claimed that if you send out marketing emails, your contacts must opt in. Others have claimed that because they don’t send out marketing emails, they just have to publish a privacy policy and inform their (potential/past) clients. A third group of people have argued that GDPR is nothing to do with them and they have done exactly that: nothing.

It’s like playing Chinese whispers. The entire rollout of GDPR has been FUBAR. You don’t know whether to laugh or cry.


Photo credit: Convert GDPR

Lost In Translation

Even the GDPR mailshots from companies I’ve received have been confusing. Some merely informed me that they have a new privacy policy and invited me to read it (no mention of opting in to communications – the 11th commandment that many “commentators” and “experts” have been very vocal about). Others told me the only option was to “opt in”, or it was goodbye for ever. Others still gave me the option to “opt in” and “opt out”. In, out, in, out, shake it all about. Why don’t we all do the hokey cokey? It’s been a Morris dance of madness, I tell thee.

I was further concerned to learn that global e-tailing behemoth Amazon, being a company that holds the data of EU citizens, has not emailed me to tell me how it is complying with GDPR.

And there are other companies, both big and small, who hold my data but haven’t been in touch. Even good, past and current clients.

One potential client, on receiving my Privacy Policy email, asked to “opt out” of receiving updated showreels or news about me that would be of interest to him. But, and here’s the rub: he did inform me that I’m on his database and his company will be in touch when something suitable comes up. Really? So if I’m on your database, I should be getting an email from you about your new privacy policy and how my data is safely stored, right? Right? Right? Echo, echo, echo… Yes, with GDPR it really feels as though you’re talking to yourself…

Which clearly I was, when a string of “out of office” automated emails came through on May 25th – one of the senders proudly declaring: “I am currently out of office swimming in the lakes of Slovenia”.

What’s the betting that those recipients will actually reply to, and act on, my careful copy about client-related compliance? Close to none, I’d say. I mean, fancy putting something into law on a Friday before a bank holiday weekend. You have to wonder if EU legislators are sniggering behind their copies of the GDPR, thinking they’ve pulled off a hilarious prank at our expense.

Photo credit: Rodolfo Clix from Pexels

God Help Us

And it seems that, whether you understand it or not, and no matter how much you take his name in vain, not even God can help you with this. “Prayers for the sick may breach GDPR, Church fears” was the headline in Saturday’s Daily Telegraph. It, too, was full of contradictions, both from the Church of England and the Information Commissioner’s Office, about whether you can actually pray for a publicly named, sick person. Surely the fact (or is it?) that you might have to get the person’s consent ruins their chances? Or, perhaps the power of prayer will work better now that there are proper rules in place around it. God knows. But I bet even He is probably washing his hands of the whole thing.

So who do I blame for the Generally Distracting Pain in the Rectum?

First: EU bureaucrats for making everything unnecessarily difficult (see Brexit negotiations); second, journalists for forecasting doom, mass incomprehension and fines of up to €20m; and third, “experts” and “commentators” for constantly contradicting one another.

Still, you can always rely on “GDPR” to clean up the mess. The unfortunately named PR firm does crisis communications, don’t you know. However, given the considerable acrimony over their legislative namesake, one has to wonder if its bosses are now reluctantly heading for a rebrand.

© Copyright Chas Rowe 2018

Banksy photo ‘Banksy Does Brexit’ taken by Duncan Hull.
Used with permission under Creative Commons Licensing.