As from today you have the perfect excuse. “I haven’t been in touch because you didn’t respond to my last email – you know, the one where I said that you had to specifically opt in if you wanted further communications? Anyway, Mum, how was your week?”
Like most, I feel that the advent of GDPR – the EU’s General Data Protection Regulation – is a boon. Normally I ignore incoming emails but this just prompts people to send even more in the hope I’ll respond. But this week, ignoring emails has been a way to make them go away in the future. I’ve had pleading emails asking me to stay in touch with companies that have never emailed me before. (I checked.) Though I still seem to be getting emails from someone called “Jessica” asking “Are those your pictures? LOL we have to talk”. She doesn’t seem to have a privacy policy.
Everyone has been getting a blizzard of “please confirm” or “we’ve updated our privacy policy” emails because the GDPR means companies have to acknowledge that your personal data is valuable, and that ultimately control of its use belongs to you rather than them, and that spamming you with marketing emails might not actually be “using your data in accordance with your wishes”.
It’s that simple. The GDPR is a rebalancing of power between us, the people who have to hand over data to do transactions on the internet, and the organisations that intend to blitz us into submission with emails. The ones that most annoyed me in this regard were hotels. More than once I’ve checked in and been requested airily to give my email, and to my suspicious “What is this for?” have been told that it’s just so they can contact me in case I leave something behind. On getting home, it turned out that what I left behind was the chance of booking a room next Christmas/Easter/week at a discount if I entered a code.
Even more important is the recognition that our personal data has real value. Researching my new book, Cyber Wars, which looks at various hacking incidents, I was stunned to discover that TalkTalk was fined more for bad customer service than it was for allowing the theft of the personal and bank details of thousands of people by a cyber attacker.
GDPR changes that. Maximum fines are up to €20m or 4% of the organisation’s global annual turnover, whichever is higher. For TalkTalk, with a turnover of £1.66bn in its latest year, that would have meant fines of up to £66m. That’s the sort of number that gains a board’s attention. And that’s why you’re getting all those emails. Companies are waking up to the fact that if they’re holding more data than they need, and then they get hacked (and as I found, everyone gets hacked eventually), it could be financially disastrous.
So, sure, those emails are a bit of a pain, and a laugh. But they’re also part of a long-overdue recognition that companies have been too lazy about their security with our data. It’s exactly the data detox that we all need.
