Large companies continue to get it wrong.
There’s been a Facebook ad appearing in my feed recently. It is for a GDPR checklist. So despite not needing a checklist, today I followed the link.
The page asks for your email address, first name, last name and telephone number before you can download the checklist. You shouldn’t have to provide all that information for a free download, its part of the data minimisation principle of GDPR.
Under the box where you put this information is a pre-ticked contact box saying that they will send you email marketing from their group of companies. Already sharing your information across a group! We all know that pre-ticked boxes are not acceptable.
The next paragraph states that if you provide your telephone number, they will follow up with a phone call to make sure you have received their download and tell you about their other services. If the person putting their information into the box is not a limited company, you cannot phone market without their specific consent and if its a mobile number and not a business number the same would apply.
At the bottom is a pop up saying you accept their privacy policy and the link to their privacy policy doesn’t work.
I’m not sure a company that is holding itself up to be able to produce a checklist but cannot follow some of the basics of GDPR should be providing advice.
Will be using the screenshots in some of my training from now on as an example of how not to do it.