My customers are not interested in data protection (they share everything anyway
Posted: Sun Feb 02, 2025 4:01 am
Anyone who really believes that is not only being very naive about the issue of data protection, but is also acting with gross negligence. Of course there are always some who do not attach much importance to the issue, but this cannot be assumed in general. In the wake of the recurring data scandals, most people have become much more sensitive to the issue of data protection. Of course there are also people who spread their entire lives on social media, but as a rule only the best side is presented, i.e. very carefully selected information. In addition, responsible and transparent handling of data creates trust and that is the basis for your customer to continue to be your customer.
5. Buying consent through bribery or blackmail
10 Points List GDPR - Consent through BriberyVery clever lithuania phone number data providers might be tempted to obtain the consent of their prospects and customers through bribery (e.g. in the form of vouchers) or even use subtle blackmail techniques (e.g. certain payment methods only against consent).
However, this is clearly no longer possible with the EU GDPR (Article 7, paragraph 4). For example, Maximilian Schrems (an Austrian data protection activist) is currently suing Facebook because he believes that Facebook requires too much consent from the user to open an account, which is not necessarily required to operate a Facebook account.
However, there are grey areas as to what can still be seen as a convincing argument for consent and not yet as bribery. The best thing to do here is to ask your lawyer or wait for the first court rulings on the subject, because they will come (see Facebook).
6. Not being prepared for the right to information
10 Points List GDPR - Neglecting the Right to InformationHave you already received the first requests for information about the customer data you have stored? No? Then you have been lucky so far! Because according to the GDPR, everyone has the right to receive information about which data is stored about them - even if no data has been stored at all.
Of course you can manage to answer a single request, but what if there are more? Before it gets to that point, you should urgently think about how you can implement an information process in the company that is as automated as possible, and ideally as soon as possible. Because, especially when there are multiple requests, a month, which you have to provide information according to the GDPR, is not long. Therefore, as much as possible should be digitalized and automated, if only to avoid burdening your own human resources with unnecessary tasks. The data transmitted to the requester must also be able to be processed .
5. Buying consent through bribery or blackmail
10 Points List GDPR - Consent through BriberyVery clever lithuania phone number data providers might be tempted to obtain the consent of their prospects and customers through bribery (e.g. in the form of vouchers) or even use subtle blackmail techniques (e.g. certain payment methods only against consent).
However, this is clearly no longer possible with the EU GDPR (Article 7, paragraph 4). For example, Maximilian Schrems (an Austrian data protection activist) is currently suing Facebook because he believes that Facebook requires too much consent from the user to open an account, which is not necessarily required to operate a Facebook account.
However, there are grey areas as to what can still be seen as a convincing argument for consent and not yet as bribery. The best thing to do here is to ask your lawyer or wait for the first court rulings on the subject, because they will come (see Facebook).
6. Not being prepared for the right to information
10 Points List GDPR - Neglecting the Right to InformationHave you already received the first requests for information about the customer data you have stored? No? Then you have been lucky so far! Because according to the GDPR, everyone has the right to receive information about which data is stored about them - even if no data has been stored at all.
Of course you can manage to answer a single request, but what if there are more? Before it gets to that point, you should urgently think about how you can implement an information process in the company that is as automated as possible, and ideally as soon as possible. Because, especially when there are multiple requests, a month, which you have to provide information according to the GDPR, is not long. Therefore, as much as possible should be digitalized and automated, if only to avoid burdening your own human resources with unnecessary tasks. The data transmitted to the requester must also be able to be processed .