If I had to pick the one phrase that makes my toes curl up, it is “hello, this is just a courtesy call”.
- My first reaction is – if you have to tell me, then it isn’t courteous.
- My second is – if you know to tell me, then you know it isn’t courteous.
- and my third is – what are you selling?
And what has that got to do with GDPR?
Many organisations have your details because you have done business with them. You want delivery of your goods and services, you recognise the need to pay and you probably don’t mind a quick check to find out if you are satisfied.
However, some our current Data Protection Act isn’t altogether clear about other forms of contact. It allows the so-called soft consent of pre ticking ‘opt-in’ boxes and burying consent in the terms and conditions that no-one reads.
This means some organisations feel they have carte blanche – if not a right – to send us marketing material.
GDPR is much clearer
To contact us an organisation must have a lawful basis:
However, some organisations feel their legitimate interest in selling to us is stronger than our right to privacy. But they are wrong.
What’s more your rights apply equally at work, if your personal data is used to make the contact. That includes an email address with your name embedded in it – eg, Joany_Fletcher@wedobusiness.uk. And if you are a sole trader your business details have the same protection as non-business personal details.
So, don’t be surprised when you give someone a business card and they ask if they can contact you. It is just a courtesy call and should be welcomed.
What can we do?
When you buy something – at work or at home – look for the opt-in. Though you may see some unlawful opt-outs persisting after 25 May 2018.
If you are cold called or emailed (or, heaven forbid, receive a snail mail missive) say ‘I have not given consent, please remove me from your marketing list’. Emails should have an ‘unsubscribe’ link – just make sure that the email is from the company it says it is from before you click a link. You can return paper mail to the sender, be clear on the envelope that you do not want further post.
If the organisation repeats its mistake, you can report them to the Information Commissioner’s Office (ICO). But my guess is that the ICO will be swamped over the coming months, so be patient.