GDPR news

05 February 2018 Christine

The right to be forgotten: what is it & how does it relate to the GDPR?

The GDPR will come into effect on the 25th of May and govern how we perform email marketing and data handling from now on. The GDPR will mean that what data organisations can store will revolve heavily around the idea of consent, and place much more power into the hands of the individual, giving them more of a say as to which companies store what data and how they use it. There are different rules for organisations who are looking to store the data of B2B customers and B2C. For B2B marketing, an individual’s data can be processed by a company if it can be proved that the company is doing so due to legitimate interest. We’ve written an article about this very subject entitled ‘What is "consent" and "legitimate interest" in relation to the GDPR?’ I highly recommend you take a look for more clarity on this.

What will change?

It’s important to note that the right to be forgotten has been around in varying forms for a long time. If in individual wanted to see what personal information of theirs a company was storing, they could officially raise a ‘subject access request’. This would consist of a form to be filled in by the individual and handed to the company. The company could then reply, often asking the individual for a fee. All that will change here is that now getting hold of information is easier.

Let’s use an organisation which conducts B2C marketing, like a cancer awareness charity, as an example. In the past, when a consumer pays for a donation they’ll most likely have filled out a form which contains a tick box encouraging them to ‘tick here if you don’t want to receive marketing from us’. This is called opting-out, and this marketing technique for B2C will be abolished when the GDPR comes into effect. Consent to store and process data must be opted-in to and the consumer must be aware of exactly what their data is being stored for. Moreover such consent will not last forever, and will need to be re-confirmed by the consumer regularly. Using the example above, the consumer when donating online will now see any number of tick boxes which ask for specific consent like ‘can we store your birth date so we can email you on your birthday?’ or ‘can we email you about our fundraising campaigns?’

What is ‘the right to be forgotten’?

Under the new regulations, individuals will be able to remove their consent at any time. They can do so usually by contacting the organisation or unsubscribing from email communications, This is the case now of course;  procedure for this will vary from organisation to organisation but the result means that the user won’t receive any more correspondence but their details are kept on file. The right to be forgotten will add an extra element to this. Otherwise known as the ‘Right to erasure’ the right to be forgotten means that a user has the option to ask to be completely removed from an organisation’s database.

The right to be forgotten can actually do more harm than good to a consumer, and it’s important to remember this.

What are the drawbacks?

Invoking your right to be forgotten sounds like an act of freedom for the consumer. In theory it means that they can rest easy knowing that not only is their inbox not going to be bombarded with unwanted spam, but it means that they know their personal data is safe. Companies won’t even know your name if you don’t want them to. But the right to be forgotten can actually do more harm than good to a consumer, and it’s important to remember this.

If you have asked that charity we mentioned above to completely erase every trace of you from their database that means they won’t know who you are, they won’t have access to past correspondence and, most importantly, they won’t know you don’t want to be contacted. There is nothing to stop a future employee from prospecting to you in the future. Asking to be forgotten doesn’t mean that you’ll receive lifelong peace and quiet. It means the opposite.

What can you do?

The right to be forgotten can apply to any consumer, B2B or B2C. Any individual can ask any organisation to erase them from their database at any time and the effect will be the same. There’s not much an organisation can do if their members, donors or potential leads ask to be forgotten. Legally they have to comply with their request to be erased. However it’s important to let web users know of the repercussions of taking such action.

Ensure your correspondents have quick and easy access to information they will want to receive and a way of picking and choosing and especially unsubscribing if necessary. With the new measures coming in it will be important to stay in contact with individuals, so you can ensure they’re still happy with the service and correspondence they’re receiving, as well as what data you’re storing of theirs.

It can seem to many that the GDPR has quite a few conflicting rules, from the blurred lines between legitimate interest to consent, to regularly having to keep in touch to ensure your audience is still happy with all the information they’re receiving meaning that you may in fact be contacting your members more than ever. One thing is for sure though; the GDPR will encourage and open up much more of a dialogue between data owners and data processors. As long as you remember to communicate with your audience you won’t have an issue.

Further information

We’re looking to produce a series of informative articles in the coming weeks about the GDPR and how it will affect membership organisations, so keep an eye out on our news sectionLinkedInFacebook and Twitter over the coming months. And of course if you wish to chat about redeveloping your organisation’s website to make membership tasks much more GDPR friendly and less hassle for your membership team, then simply get in touch.

Want to receive monthly articles and updates containing advice and inspiration for the membership, nonprofit and charity community? Why not subscribe to Senior's mailing list?