So, they sold my name, address, date of birth of my little one, not sure what else they had.. and it ends up with the Labour Party and consequently I was potentially the recipient of a Labour Party general election publication about their campaign to support the Sure Start programme. This is no criticism of the message and the good work which said policy may deliver. Nor indeed a reflection of my political views. But I’m starting to get a little annoyed here. I do feel a personal invasion of privacy and that of my one year old. Manipulated? Conned? Unhappy? Yes. Yes. YES. Suddenly GDPR has become very personal. I feel a subject access request coming on just to clarify what they have on me and my darling daughter, who else has it and to demand it is scrubbed. Now is this just my nerdy privacy specialist curiosity kicking in or do I genuinely feel aggrieved? Probably both and honestly, more so the latter. And it got me to thinking about who really knows about or actually goes the whole way to exercising their data subject rights. In conversations over the last year and particularly in the lead up to the 25th May 2018 privacy was a hot topic with a typically mixed bag of responses. From general annoyance at a swathe of emails begging for consent to marketing information, scare mongering about what had to be done to denial from the naysayers who thought GDPR compliance was nothing more than a tick box exercise. But the fact is your customers and clients, existing or future, are aware. So, they might not be able to recite GDPR chapter and verse, but they are aware of its existence, have a general understanding of its implications and more importantly their rights. And anyone who feels their rights have been trampled on with a little digging will know exactly what they must do.
Read a little more into the judgement here the failure to clarify within the privacy notice about who they were sharing data with seems to be their undoing.