Ignorance of the law is no defence
BT has been fined £77,000 for sending nearly five million nuisance emails to customers without their permission. Gloucestershire Police fined £80,000 for sending bulk emails. The Bible Society fined £100,000, Yahoo fined £250,000, University of Greenwich fined £120,000, with more companies and organisations under investigation. Using customer data without permission is against the law.
Every small or large business that holds details of customers or enquiries, has a duty to protect that data and ask permission to retain that information. Brexit and leaving the EU in 2019 will not change that fact. More information for small businesses.
The law is very clear
The Privacy and Electronic Communications Act (PECA) see our guide to the General Data Protection Regulation (GDPR) which applies to all businesses. If you are based in the UK you can make a complaint at https://ico.org.uk/make-a-complaint/ It should be recognised that if after contacting a business,it does not take action, the first step is to write to the company. If, after 30 days they have not contacted you, then you can make your complaint.
If a company is based in a member state of the European Union, then a complaint can be filed at the local Data Protection Authority for that country.
Lets hope we will not be publishing your business name here for breaking the law.
The General Data Protection Regulation (GDPR), effective 25th May 2018.
Companies and individuals will already have seen major companies requesting their private data already held, may be continued to be held. Companies like Facebook and Twitter allow the individual to limit the amount of private data held. Now every business will have to provide the same opportunity.
Expect more requests to retain private data from just about every company that holds this data, but what is your business doing? Please see our guide to the General Data Protection Regulation (GDPR)
Information Update June 2018
This effects everybody that holds private data
The fines could be business breaking, so it is important that action is taken now. Getting sued will be embarrassing, expensive and time consuming. To avoid this, there are important steps that must be taken before 25th May, that every individual or business must take. There have been many warnings about data protection, but now is the time to act before it is too late.
Every computer that hold customer data, every person that can access this data, every printed customer list, email addresses, normal addresses, office and buildings are all covered by this regulation.
From the website to the individual
If a business website does not have an SSL certificate which provides for the https:// before a web address, and the site collects any visitor or customer data, it will be breaking the law. Any business in the world that collects data from citizens of the European Union, must also comply with the GDPR Regulation.
https://www.eugdpr.org/ GDPR and private data here.