I do sympathise with small businesses, and of course, with harmless and well-intentioned forums.
But I do think that GDPR will solves some real problems.
A few months ago, I booked a stay in a UK hotel, part of a large and respectable chain that I’d not used before. When checking in, I made sure to tick the box saying words to effect of “no spam please”. A few weeks later, the spam started flooding in... special invitations for weeken breaks in the chain’s other hotels.
I complained, pointing out that I had never consented to this spam. It turned out, buried in the T&C on the online booking page, words to effect of... “by using this booking service you are
deemed to be consenting (to spam)”. The “deemed” consent also included permission to have my data passed on to other organisations.
My understanding is that a big part of GDPR is about outlawing such ridiculous “deemed consent”. Consent now needs to very explicit, and the hoteliers and other spammers must be able to prove that genuine consent was freely given. “Deemed consent” like this, whilst very common, always was a very dubious business tactic, and I am glad if GDPR puts an end to it.
But repeat again, sympathies for those affected by GDPR, but who were never doing anything bad in the first place. I can’t help thinking that these are unintended consquences, but that doesn’t make them go away.