In these days everyone and each of us has been overwhelmed with GDPR-related e-mails and newsletters, everyone with different summarizing though the same issue: the willing from the companies sending the newsletter to be compliant with the GDPR, which has come into force starting from May, 25th 2018 (even if Italy has not released the implementation decrees yet). The newsletters aimed to make the sending company compliant with the GDPR have essentially two purposes: asking for our consent confirm (with or without the chance to modify our personal data) and communicating the reviewed privacy notice.
The newsletter for the GDPR: the new privacy notice
The GDPR, as at this time we all know very well, introduces very specific new ways about how the privacy notice should be written. First of all, the GDPR-compliant privacy notice should be short, transparent, understandable for the one are interested in and easily accessible. In other words, the European Union is asking us to avoid “legalese” for moving our language in something clear and easy, more than ever when we collect and treat underages’ personal data.
The privacy notice must be notified in writing to all the subject involved in collecting and managing personal data, better if we send it electronically. One of the main news introduces by the GDPR is the chance of combining the text of the privacy notice with icons in order to better describe what we are saying in the notice itself. Anyways, be careful: it is not possible to have a privacy notice made just of icons, because these icons must be intended just as something useful to better explain our privacy notice. Another thing to be stressed is the fact that the icons shall not be a work of our fantasy, because they will be released by the European Commission.
The privacy notice must always report our identity and the one of our possible delegate in Italy, in addition to the personal data managing purposes, rights of UE citizens, and the addressee of the data themselves.
The newsletter for the GDPR: the consent confirm
The premises are not nice, but they have to be said: the newsletters aimed to have a consent confirmation from our subscribers is not necessary at all if we had already collected this consent in the right way (it is still effective under the GDPR). On the contrary, we are not allowed to send anything if we never had that consent. Nevertheless, in these days our mailboxes are literally submerged with newsletter asking for our consent confirm to receive the newsletters and in some cases, we have also the chance to modify or update our personal data. So we can say that the most part of these newsletters has been spurred by the wave of panic for the GDPR to come into law and also by a sort of excess of zeal. As we already said, if we collected the consent in the right way, we have nothing to fear. For sure, this kind of newsletters can be read as a way for showing to our subscribers that we care about them and their personal data and that we are working hard to be compliant with the GDPR.
Doubts about the GDPR consent: someone is taking time…
The GDPR is bringing with itself some myths to be debunked: it is always better to be very well informed before we start working. Furthermore, for many reasons (not always easily understandable) combined with the fact that a lot of companies have started too late to think about GDPR compliance, the European Regulation is scaring companies, so much so that some overseas companies are taking time by darkening their websites to European citizens eyes. This is the case of online newspapers such as Los Angeles Times, New York Daily News, Chicago Tribune, Orlando Sentinel, Baltimore Sun and many more. As Il Sole 24 Ore wrote, when we try to open those websites from a European country, we read the following warning: “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism”. It is likely that these newspapers’ boards want to be sure to be fully compliant with the GDPR before doing everything that could be wrong.
The consent according to the GDPR
The new idea of consent coming with the GDPR must follow specific features:
- The consent must be informed;
- Specific for each purpose of managing;
- Free, without influences and without preconditions;
Finally, the consent must be revocable at any time.
Is everything clear? How do you have faced the GDPR? Have you sent any kind of newsletters among the ones we spoke about? Let us know, we are curious!