As we near the start date for GDPR (read more about GDPR here), it’s becoming a very popular topic indeed.
The big question at the moment seems to be about UK companies using U.S.-based email marketing software companies. I’ve read quite a bit recently from American companies stating that they are GDPR compliant; I guess this is really to try and stem the flow of UK companies jumping ship. Either way, it’s incorrect.
Some of the big ones are releasing sign-up forms for your customers that are related to GDPR; these forms subtly imply compliance for UK customers.
The bit that they are all glossing over, though, is that if you are a UK company, you need to obtain the consent of all of your contacts for their data to leave the E.U. They do this using small-print text such as:
“You must get permission from your subscribers to transfer their data overseas. Permission terms will be built directly into our GDPR-friendly forms”
I guess the key phrase is the word ‘friendly’ – that doesn’t mean compliant; in fact, ‘friendly’ carries no gravitas at all. Signing away your legal protection isn’t terribly friendly!
Currently the EU does not recognise that the American data protection law “Privacy Shield” offers an adequate level of protection for EU citizens’ private data.
So, by using one of these web forms to provide your email address, what you are agreeing to is the transfer of your private data outside of the protection of the law. You are transferring it to a country that is not offering an agreed level of protection, ratified by the EU.
Burying this statement (waiving all of your rights) in the small print of a web form seems a little underhand – you could even say that any company doing this might be a cheeky monkey! 😉