Yesterday, I went to a church in a suburb of London. One of my closest friends has a little one and I was invited to the service of dedication for the baby. As I walked into the church, the first things I got were a big smile, a warm welcome and a printed privacy notice.
This unassuming, but very lively place of worship has a doubled-sided A4 printout that tells new visitors how it is compliant with GDPR, who the data controller is and how to contact them, how to make a subject access request and how to request that data be rectified. It directed me to the policies page on the website and where to go if I had any further questions.
A consent form is attached to the notice with five boxes to be ticked, through which visitors can let the trustees of the church know what type of information they would like to informed of, such as that relating to activities and groups. There are six boxes on the back page through which new visitors can inform the trustees of their wishes regarding consent to use images and means of communication to keep in touch. A further four boxes are for church members only, allowing them to state exactly what forms of identification they would like the church to hold on them.
It may seem over the top, but I am glad there is a strong desire to behave appropriately and respectfully with people’s personal data. This goes a long way is developing a relationship based on trust.
I remember being at a small poetry event and being encouraged to write my email address on the mailing list. I didn’t want to be rude and so duly handed over my digital contact details, but promptly unsubscribed as soon as the first email hit my inbox.
The GDPR deadline has brought data protection and privacy to the forefront of the public consciousness. Organisations are relinquishing the power they have historically held over individuals’ data and more of that power is now in the hands of the data subjects.
The church’s privacy notice may have been over-cautious with its statement requesting consent for use of images as I did not see any video recording taking place during the service. However, it was very heartening to see that the church wanted to know what my wishes were and respect them before I had even taken a pew. This hasn’t always been the case.
There is a different air and atmosphere around. People are tweeting about their quiet inboxes, while some US websites have gone deathly silent to users in the EU – one way to avoid complying with GDPR and eliminate the prospect of any sort of fine is to block websites to European traffic. Though it is inside (or outside) the letter of the new regulation, I really don’t feel it is within the spirit.
With the dust settling we will soon see the other effects of GDPR. There could be a spike in subject access requests? Have brands seen their customer databases shrink due to low opt-in rates? Will those brands see more engagement from the remaining customers in their databases? Will some US-based websites continue to block access to European users? We will see.
For me, I'm seeing a positive effect on the ground of GDPR coming into force. And one little church on the edge of London has set the bar high for organisations and brands in this age of GDPR.