PrimeConduct - GDPR & DPO Services

Risks of Partial Compliance

GDPR for business is partly about tidying up the mountains of stored useless data and of course it is also an opportunity to reengage with customers and move forward that trusted provider relationship.
However, it is also an opportunity for all of us to tidy up our data lives by exiting the services we no longer wish to be part of, and focus on the few that we do. So who am I staying with and who am I deleting.
Well I find this is based on who I currently most use on a regular basis but that list is further restricted by the privacy notices and behaviours of those companies.
One big brand recruitment company that I used many years ago, I was going to exit anyway, but their privacy notice makes you stop and wonder. The paragraph below from their website although honest and transparent appears to be in direct conflict to the Article 4 definition particularly where there is no specific consent for this.
We may also share aggregate demographic information with our Clients, trusted affiliates and advertisers for the purposes outlined in this Policy. While we make all reasonable efforts to ensure that such information is anonymized, it is possible that small amounts of your Personal Data may be included.”
It is clear to me that data is either anonymised or it is not, there is no grey area or partial compliance.
I received another email about a company offering training services on how to be Cyber Secure online. On the surface a laudable objective but when you look a little closer you begin to wonder about the ethics of the company. Whilst lecturing us on being safe online they use tracking URLs in the middle of the email. “Customers should click here to find our FAQ”, has a unique URL to connect each recipient to see if they come back to the site. There is nothing in their Privacy Policy or the email requesting consent to track, click behaviour.
If you bypass this and just go straight to their site you are hit by no less than five tracking cookies. In the Cookie Policy of this website it says
“Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.”
So these tracking cookies are on the website owned by the company that published the website and they are not responsible for them? They are transparent that they exist but side stepping responsibility for the cookies, while at the same time trying to suggest they can help you be safer online, hmmm.
Perhaps in the race to compliance some companies are cutting corners or not thinking it through. Even if I like your brand I for one will not sign up if your Privacy Policy falls short of reasonable standards. If you attempt to track me I don’t trust your ethics, if you attempt to obfuscate your responsibilities I will unsubscribe. There is no partial compliance.