I don’t know about you but I think this is starting to be common practice in some retailers, the dreaded “Would you like your receipt emailed to you?”.
Now I know about data protection compliance and I know that this fills me with dread, especially if there is a queue, I could probably gather 5 or 6 emails addresses before they even get to me. 🙂
And its a really simple question isn’t it. “Would you like your receipt emailed to you?”. There are more persuasive versions, “Would you like to save the planet and save paper by having your receipt emailed to you?” or “Would you like your receipt emailed to you for your electronic records?”.
The big bit that is missing from this sentence is what they are going to do with my information. I’m not naive enough to believe that they will send me one email with my receipt and that will be it. I’m going to end up on a mailing list, hopefully only one but who knows who else are they sharing my information with. What they don’t tell me is how my information is going to be stored, where is it going to be stored and how long for, do I have the option to unsubscribe from all these lists and finally when are they going to delete my information and that’s just the basics.
This simple question under GDPR becomes a bit of a conversation starter. Do they need consent? Does the fact that I have bought something means we have a contractual arrangement? Either way they need to be able to tell me exactly what they will do with my information, specifically who they will be sharing it with, where it will be stored (in the cloud), how long it will be held and how it will be securely destroyed. If consent is required this has to be freely given, specific, informed and an unambiguous indication of my wishes. This can be given by a statement or by a clear affirmative action to show agreement to the processing of personal information relating to me.
By the time they get through that lot, the queue is going to be a lot longer.