GDPR - anyone here know much about it?

[NotoriousREV]

This is where good legal advice is vital:

Soft Opt-In

There is an exception called the ‘soft opt-in’. This means that consent is not required if you are sending marketing message about similar products and services to your customers/clients or those you have negotiated with to provide products or services, as long as:

You give them the opportunity to opt-out when you receive their contact information; and
You give them the opportunity to opt-out when you send them subsequent messages.
This processing is not based on consent, but rather the legitimate interests processing condition and can only be relied up on by the organisation that collected the contact details, not third parties.

Obviously, soft opt-in gets you more people in your DB so is preferable as a business.

[Jobbo]

Soft opt-in is very specific - it probably does apply to many people on your company's mailing list, Rev, but it'd be dangerous for plenty of businesses to rely on it: https://ico.org.uk/for-organisations/gu ... marketing/

[dinny_g]

This is where good legal advice is vital:

Soft Opt-In

There is an exception called the ‘soft opt-in’. This means that consent is not required if you are sending marketing message about similar products and services to your customers/clients or those you have negotiated with to provide products or services, as long as:

You give them the opportunity to opt-out when you receive their contact information; and
You give them the opportunity to opt-out when you send them subsequent messages.
This processing is not based on consent, but rather the legitimate interests processing condition and can only be relied up on by the organisation that collected the contact details, not third parties.

Obviously, soft opt-in gets you more people in your DB so is preferable as a business.

Your initial point related to asking you to re-consent or refresh your consent and how companies are "think they have to do it, this decimating their contact lists" etc.

You now appear to be agreeing with me ?

Anyhoo, one thing you will never get consensus on is GDPR.

[JonMad]

Soft opt-in is very specific - it probably does apply to many people on your company's mailing list, Rev, but it'd be dangerous for plenty of businesses to rely on it: https://ico.org.uk/for-organisations/gu ... marketing/

says, 'you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.'

I think I'm going to send the quick SurveyMonkey request and get people to opt in as we didn't give them an opt out statement on previous emails sent out (and we'll include such a opt out line in future emails).

Thanks Rev and SJ for that extra info.

[NotoriousREV]

Soft opt-in is very specific - it probably does apply to many people on your company's mailing list, Rev, but it'd be dangerous for plenty of businesses to rely on it: https://ico.org.uk/for-organisations/gu ... marketing/

True, we've gone through very specific use-cases so this may not work for everyone. YMMV etc.

[NotoriousREV]

This is where good legal advice is vital:

Soft Opt-In

There is an exception called the ‘soft opt-in’. This means that consent is not required if you are sending marketing message about similar products and services to your customers/clients or those you have negotiated with to provide products or services, as long as:

You give them the opportunity to opt-out when you receive their contact information; and
You give them the opportunity to opt-out when you send them subsequent messages.
This processing is not based on consent, but rather the legitimate interests processing condition and can only be relied up on by the organisation that collected the contact details, not third parties.

Obviously, soft opt-in gets you more people in your DB so is preferable as a business.

Your initial point related to asking you to re-consent or refresh your consent and how companies are "think they have to do it, this decimating their contact lists" etc.

You now appear to be agreeing with me ?

Anyhoo, one thing you will never get consensus on is GDPR.

How am I agreeing with you? If soft opt-in is applicable, you don't need to re-consent if you've previously operated in a compliant way.

EDIT: The only way to get on our marketing list is to specifically fill in a box and hit a button that says "add me to your mailing list" (consent) or you're a customer who's bought something off us (legitimate interest, with a pre-ticked opt-in).

[JonMad]

I agree that you weren't agreeing.

[NotoriousREV]

I agree that you weren't agreeing.

I disagree. I think?

[dinny_g]

Soft opt-in is very specific - it probably does apply to many people on your company's mailing list, Rev, but it'd be dangerous for plenty of businesses to rely on it: https://ico.org.uk/for-organisations/gu ... marketing/

says, 'you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.'

I think I'm going to send the quick SurveyMonkey request and get people to opt in as we didn't give them an opt out statement on previous emails sent out (and we'll include such a opt out line in future emails).

Thanks Rev and SJ for that extra info.

Only send your survey monkey request to those who are currently opted in to avoid what befell Honda.

https://ico.org.uk/about-the-ico/news-a ... and-honda/

A separate ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.

The firm believed the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law.

Steve Eckersley, ICO Head of Enforcement, said:


“Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law.”

[JLv3.0]

Dave and Dinny disagreeing.

This will be resolved almost instantly.

[dinny_g]

[NotoriousREV]

Dave and Dinny disagreeing.

This will be resolved almost instantly.

I brought an Apache helicopter to a knife fight.

[JLv3.0]

I think you're underplaying it.

[NotoriousREV]

Only send your survey monkey request to those who are currently opted in to avoid what befell Honda.

https://ico.org.uk/about-the-ico/news-a ... and-honda/

A separate ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.

The firm believed the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law.

Steve Eckersley, ICO Head of Enforcement, said:


“Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law.”

The devil is in the detail here: FlyBe were fined because they sent emails to people who had previously opted out of marketing, and Honda were fined because they couldn't prove they'd ever had consent. If either of those things applies, don't send marketing emails.

[dinny_g]

correct.

[JonMad]

So, taking the Honda example, if you can't prove you've never had consent (say, because you didn't explicitly ask for consent), how do you ask for consent apart from by asking for consent (where none of your customers have ever opted out by responding to previous emails by saying anything like, 'please don't send me any more emails)?

[NotoriousREV]

So, taking the Honda example, if you can't prove you've never had consent (say, because you didn't explicitly ask for consent), how do you ask for consent apart from by asking for consent (where none of your customers have ever opted out by responding to previous emails by saying anything like, 'please don't send me any more emails)?

You can't.

[JonMad]

So you could ask them for consent by non-email means (e.g. when you next see them), and record that at that point?

[dinny_g]

or write to them - as in Post. Don't need consent for that.

Rev interesting policy on your "Soft Opt-In's" - "you're a customer who's bought something off us (legitimate interest, with a pre-ticked opt-in)" Do you feel you retain your legitimate interest if the customer subsequently opts out ?

[NotoriousREV]

or write to them - as in Post. Don't need consent for that.

Rev interesting policy on your "Soft Opt-In's" - "you're a customer who's bought something off us (legitimate interest, with a pre-ticked opt-in)" Do you feel you retain your legitimate interest if the customer subsequently opts out ?

Yes, where it relates directly to their booking.