FLO & GDPR

[FLO]

FLO occasionally emails a newsletter with details of new products, offers and events. It doesn’t happen very often because we promised only to send one when we had something special to say, but we do send them  

To comply with new General Data Protection Regulations 'GDPR' (beginning May 25th) it is necessary we email everyone who chose to subscribe to the newsletter asking if they wish to continue recieving it. 

That email went out today. 

If you wish to continue receiving news and offers from FLO, via email, please open the email and click on the ‘Keep me subscribed’ button. Otherwise we will lose touch next week. 

If you change your mind you can of course unsubscribe at any time. 

Regards,  

Annette, Grant, James, Jenna, Lisa, Martin & Steve (the FLO team)

[Uplooker]

Thanks. Already agreed. Bloomin’ heck, my inbox is rapidly filling up with these GDPR requests

[FLO]

10 minutes ago, Uplooker said:

Thanks. Already agreed. Bloomin’ heck, my inbox is rapidly filling up with these GDPR requests

Thank-you for resubscribing  

I think, like us, most people are leaving it to the last minute. 

We have had some wonderful replies from people who have resubscribed, including one tongue-in-cheek response that included this image 

 

[Alan White]

Yep, along with the FLO one I had 15, yes 15 today!
I go online far too much.

Oh and I did resubscribe to FLO of course.

[25585]

Done. 

[DaveS]

Yes, done as soon as the email came through

[TSRobot]

Done it. Quick as a flash (ah ah, saviour of the universe)

[RayD]

I've not had an email.  Does that mean I wasn't subscribed?

SUBSCRIBE ME DANNO!

[mark skelton]

Done and dusted

 

[FLO]

15 minutes ago, RayD said:

I've not had an email.  Does that mean I wasn't subscribed?

SUBSCRIBE ME DANNO!

I don't think we can subscribe you, it's against the rules, but if you login at our website you will find the necessary tick-box  

HTH, 

Steve 

[RayD]

2 minutes ago, FLO said:

I don't think we can subscribe you, it's against the rules, but if you login at our website you will find the necessary tick-box  

HTH, 

Steve 

Oooh I never noticed that little mite sitting down there in the corner.  I'm all ticked up.  Now then.........................

[ampleamp]

Can't you just keep us all onboard and claim "legitimate interest" 

[jam1e1]

FLO is the only one I have actually resubscribed to out of 15ish so far.... 

[JamesF]

3 hours ago, FLO said:

I think, like us, most people are leaving it to the last minute.

I'm really not surprised.  I do agree that people should have their personal information strongly protected when it is in the hands of others, but for small organisations it's quite onerous.

We're still dealing with it at the swimming club at the moment, which is run by a committee of six unpaid volunteers with four (also unpaid) volunteer coaches plus the head coach, most of whom already give up a huge amount of time (probably the equivalent of almost two working days per week in my case) and are parents of school-age children and don't have much more time to give.

I imagine that many astro clubs must be similarly affected.

James

[JamesF]

8 minutes ago, jam1e1 said:

FLO is the only one I have actually resubscribed to out of 15ish so far.... 

I've had more than I can recall.  Quite a few from organisations I have no knowledge of nor have ever had any relationship with.  I suspect a few may be taking the opportunity to get new people into their marketing machine less than completely honestly.

James

[jam1e1]

7 minutes ago, JamesF said:

I've had more than I can recall.  Quite a few from organisations I have no knowledge of nor have ever had any relationship with.  I suspect a few may be taking the opportunity to get new people into their marketing machine less than completely honestly.

James

great point James - ive seen a couple that i'm sure I never subscribed to....makes more sense now!

[fozzybear]

I have just subscribed, thought I was already but apparently not.

[fozzybear]

not wanting to put a damp squid on anything, but does this also affect forums in the UK?

"The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behaviour that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person. "

The good service that SGL provides should not warrant emailing every member to accept, the reason why, I have received an influx of emails from french forums I subscribe to. Plus the UK offerings

a real royal pain in the neck. Strange not had anything from amazon yet or ebay

[LukeSkywatcher]

I was surprised to get an email from FLO. My 1st thought was "oh nuts, what have I done now". Then I thought "wait, those emails... when you've been naughty come from SGL" 

I've resubscribed. Looking forward to my next email in about 10 yrs because it was the 1st I've had in my 10 yrs of being on SGL. 

"The GDPR applies to all organizations established in the EU" 

There's your answer. FLO was established in the EU. You (UK) leaving makes no difference. Data protection laws will remain the same as they are, along with other things such as sharing of intelligence between UK agencies and EU agencies. 

[LukeSkywatcher]

Now the data protection emails are coming in fast. Had one from Dyson, PayPal, and a couple of obscure companies that I don't think I've ever communicated with or given my details to. I think I got one from Amazon a couple days ago too. 

[RayD]

Just be careful.  We got a warning from our IT company noting that scammers are using this as an opportunity to get you to click links to "confirm you want to keep hearing from us".  Most are genuine still but, as always, click with caution.

[LukeSkywatcher]

1 minute ago, RayD said:

Just be careful.  We got a warning from our IT company noting that scammers are using this as an opportunity to get you to click links to "confirm you want to keep hearing from us".  Most are genuine still but, as always, click with caution.

Good to know. If its a company I've dealt with, I'll click. I delete the rest. I also study the site where link takes me. There's always something out of place on a fake website. Reading the source code is a good way to find out. If it's well written then the site is most likely real. If the code is badly written then usually something fishy going on. 

This method is only useful if you can read and understand HTML etc. 

[Stub Mandrel]

17 hours ago, FLO said:

To comply with new General Data Protection Regulations 'GDPR' (beginning May 25th) it is necessary we email everyone who chose to subscribe to the newsletter asking if they wish to continue recieving it. 

My understanding is that if they chose in the first place, you don't need to renew the permission, but you do need to facilitate people opting out in the future.

[Marci]

Quote

Myth #9 We have to get fresh consent from all our customers to comply with the GDPR. 

You do not need to automatically refresh all existing consents in preparation for the new law. But the GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent.

https://iconewsblog.org.uk/2018/05/09/raising-the-bar-consent-under-the-gdpr/

All depends on how they did it originally and whether their privacy policy at the time was up to scratch.

Technically a lot of this is overspill from PECR, which came in to play quite some time ago but it wasn’t made a big deal of so most were unaware and have been breaking marketing comms regs for the duration. It ties in with the new GDPR consent system. 

https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/#consent

[Marci]

16 hours ago, fozzybear said:

not wanting to put a damp squid on anything, but does this also affect forums in the UK?

Yes, it does. They shouldn’t need to document their processes fully unless they charge for features, but they still need to comply with consent etc and ensure their Privacy Policy is up to scratch, and clearly linked alongside where consent is collected, with full details of right to erasure, SAR requests etc. Not sure whether Invision are already working on an update to cover it. I know Wordpress have just added necessary tools into latest update (yesterday) so any astro societies using Wordpress can update and take advantage of those. Forums are a different matter. I’m looking at closing minimotoscene.co.uk down after many years in operation as a result - as we charge an annual subscription for enhanced access, GDPR compliance becomes even more complicated. As soon as you’re selling a service, you have to document the legal basis for every data field in the database that falls under personal information. There are also complications with the fact an IP address is considered private identifying data - technically right to erasure means also identifying a user’s ip address then ensuring mentions are purged from all server logs, as well as the database, unless you’ve got specific policies documented and in place to provide legal basis for retaining. And you can’t retain indefinitely, so then you need to ensure server logs are only held for so long, database logs are purged at similar frequency... (if you’re on shared hosting, a lot of this is beyond control of the site admin, so then you have to start prodding your server hosts for their compliance documents etc and ensure you’ve documented that ip is passed to a 3rd party....)

There’s a pile of best practice technical guidance that comes into play if your data is stored electronically also that folks are expected to comply with that assumes a level of competence from a web site owner / developer... involving how database tables are structured, ensuring private data is separate and pseudonymised from other data etc. MAJORITY of good packages out there have been doing this for years but there are still some ignored areas that I presume vBulletin, Invision, Wordpress, Joomla, Drupal et alle will all be bringing out updates for in the not-too-distant. General public won’t see much about this but web admins & developers’ll be banging their heads on the desk for a while yet.

It goes way deeper than those emails dropping into your inboxes.

<apols for wandering o/t>