Kitz Forum

Chat => Chit Chat => Topic started by: jelv on May 30, 2018, 07:56:14 PM

Title: A GDPR total failure
Post by: jelv on May 30, 2018, 07:56:14 PM
My wife received an email over the weekend from a local interest group she belongs to with a consent form they asked people to sign. A redacted copy of the form is attached.

It's not the most professional GDPR consent form I've seen and doesn't cover the fact that the chairperson forwards emails willy-nilly which have a very tenuous, if any, connection to the group's activities (a recent classic was her forwarding everyone a newsletter she subscribes to which included at the bottom the links to alter or cancel her subscription to the newsletter!).

So why do I describe it as a total failure? The email was sent to 30+ members with the recipients as To and not BCC, so they'd instantly contravened their own policy by distributing everyone's names and email addresses to all members!

Title: Re: A GDPR total failure
Post by: kitz on May 30, 2018, 08:42:40 PM
Gawd, the paragraph is poor grammar [be] never mind falling a long way short of a GDPR privacy policy. :(

This isn't the first time this week I've seen mention of an organisation disclosing email addresses for all recipients but I can't for the life of me recall who or where it was as I've read that much on GDPR the past few months, but apparently disclosure on a mailing list would have been a breach of the old DPA nvm the GDPR. Even under the DPA you could have reported the organisation to the ICO as a breach of privacy. Thing is ICO was a bit toothless with DPA, but GDPR carries hefty penalties. :(