In my personal life as a mum, sender of last minute Interflora bouquets, user of online shopping facilities and often registering my personal details for children’s activities, I am well aware that there are many organisations in the UK that hold my personal data. I have noticed in recent weeks an increase in contact from companies seeking to confirm my consent to the storage and processing of my personal data. You may have noticed it too.
In my professional capacity as an IP solicitor, I can tell you why this is.
If you have been to our series of seminars, you will be aware that the introduction of the General Data Protection Regulation is looming – it comes into force in May 2018. Many of the obligations relating to data storage, processing and handling are being tightened up. One such obligation is to ensure that consent to the storage and processing of personal data is clear, unambiguous and freely given.
Accordingly, we are advising clients (and it would appear that the companies which are currently contacting me are being so advised) to re-establish the basis on which customers have given their consent.
For example, I may have consented Interflora keeping my personal details in order to send my sister a birthday bouquet but I haven’t consented to Interflora keeping my financial details so that they can process my next order more quickly. I recently used Interflora, which is why I am using them as an example (the bouquet was lovely by the way), and was prompted to consent to the retention of my financial details in this way.
I have also been contacted recently by companies asking me to confirm that I am still happy that they keep my details. This is because there is going to be a greater focus on the length of time that data is held for. The starting point is that data should not be held for any longer than the purpose for which is was originally collected unless there is a justifiable reason for doing so. Companies are going to have to give thought and reasons as to why data is being stored once the transaction has been concluded. I have just this morning had a letter from xxx store card stating that I have not used my store card for over a year (well done me) and that accordingly they are closing the account and deleting my details. This is exactly what companies should be doing with regard to their historic data.
If you would like more information on the new GDPR then please contact me and we will store your details for as long as it takes to send you our information sheet unless you consent to us holding it for longer.