GDPR is on the horizon and lots of organisations are seeking reconsent by sending you an email asking you to reconfirm your email address.
And that’s fine, providing they do it the right way. I was contacted recently by a charity seeking reconsent. They had made some fundamental mistakes, including a data breach!
What did they do?
Firstly, when seeking reconsent they sent an email to all their subscribers via Outlook and failed to hide the email addresses of everyone they had sent it to. Every recipient therefore had access to all the other subscribers’ email addresses. A data breach. Their response when I notified them that they should have used BCC: “It’s an easy mistake to make”. That didn’t exactly fill me with confidence that my information security was a priority for them!
Their privacy policy also didn’t meet the requirements of GDPR, although it did say that the security of the personal information they hold was important to them. Really, given the earlier incident?
Accidentally sending an email to everyone with the recipients’ email addresses showing is a common data breach, and companies have been fined for it. In 2016 an NHS Trust was fined £180,000 for failing to hide the email addresses of 786 subscribers to a newsletter for one of their clinics.
Make sure you have a process in place to ensure these “easy mistakes” don’t put your business in the spotlight with the Information Commissioner’s Office.
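One concrete form such a process can take is a pre-send gate that refuses any mailing whose recipient list sits in the visible To/Cc headers instead of Bcc. The script below is an added example, not something from the original post or the charity involved; it assumes the mailing is handed over as a raw RFC 822 message before it reaches the mail server, and the one-visible-recipient limit is an assumed policy.

```python
"""Pre-send check: bulk mailings must carry their recipient list in Bcc.

Added example. Assumes the message is available as raw RFC 822 text
(e.g. an .eml file) before sending; the threshold is an assumed policy.
"""
from email import message_from_string
from email.utils import getaddresses

# Assumed policy: more than one visible recipient means a bulk send.
MAX_VISIBLE_RECIPIENTS = 1


def visible_recipients(raw_message: str) -> list[str]:
    """Return de-duplicated addresses that every recipient will see.

    To and Cc are visible to all recipients. Bcc is stripped by the
    sending server, so it is deliberately not counted here.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    seen: list[str] = []
    for _name, addr in getaddresses(headers):
        addr = addr.strip().lower()
        if addr and addr not in seen:
            seen.append(addr)
    return seen


def check_mailing(raw_message: str, limit: int = MAX_VISIBLE_RECIPIENTS) -> dict:
    """Decide whether the message may be sent as-is; explain a refusal."""
    visible = visible_recipients(raw_message)
    if len(visible) > limit:
        reason = f"{len(visible)} addresses exposed in To/Cc; move them to Bcc"
        return {"ok": False, "visible": len(visible), "reason": reason}
    return {"ok": True, "visible": len(visible), "reason": "recipients hidden"}


# Constructed sample: the mistake from the post, the whole list in To.
BAD_MAILING = """\
From: newsletter@example-charity.invalid
To: Alice <alice@example.invalid>, bob@example.invalid, Carol <carol@example.invalid>
Subject: Please reconfirm your consent

Click to reconfirm.
"""

# Constructed sample: the same list moved to Bcc, sender in To.
GOOD_MAILING = """\
From: newsletter@example-charity.invalid
To: newsletter@example-charity.invalid
Bcc: alice@example.invalid, bob@example.invalid, carol@example.invalid
Subject: Please reconfirm your consent

Click to reconfirm.
"""

if __name__ == "__main__":
    for label, raw in (("bad", BAD_MAILING), ("good", GOOD_MAILING)):
        print(label, check_mailing(raw))
```

Wiring this check into whatever script or gateway actually submits the mailing turns the “easy mistake” into a refused send rather than a reportable breach.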