We know GDPR is a tricky beast. The fear and uncertainty around it have been plaguing everyone from Belfast to Belgrade for the past few years. Whether you’re a one-person tech team trying to implement for a start-up, or a sentry of CISOs in a multinational corporation, the journey to GDPR’s been real.
When it actually came to it, the infamous 25 May D-Day was really quite underwhelming. It just sort of happened, didn’t it? But that didn’t stop us from getting a good laugh from some of the falsehoods, failures and downright facepalms we’ve seen floating around the internet in the past month, as organisations of all kinds navigate the post-GDPR world.
One month on, we’ve rounded up some of our favourite GDPR facepalm moments. They say humour is the best way to educate. So, here’s hoping!
1. Stop it with the Opt-In!
GDPR means that the customer has to actively give their consent to the website to contact them — that’s to say they opt-in, rather than opt-out. Simple, right? Wrong! As evidenced by a lot of major brands, including National Express and BT. Lucky for you, most companies understand the GDPR mechanics, but a handful of companies still don’t get it. And while we see the funny side now, these slip-ups won’t cut it for much longer.
2. When BCC loses the B…
We’ve all had that moment when you’re writing to a colleague or friend and you’re ready to hit send, so you type in their name and ALMOST click the wrong person. Well, a similar thing happened to the New York Times, when instead of clicking BCC (Blind Carbon Copy) someone clicked CC (Carbon Copy). That’s right, the NYT sent its new GDPR privacy policy openly to anyone who had written for them. Cue one mammoth thread of confusion and recipients replying “Please stop clicking ‘Reply All’”. So next time you inevitably make a mistake with a sent message, just remember that it even happens with the New York Times, and unfortunately for them that could see them faced with a hefty fine.
3. In the words of Adele…
GDPR is a protection regulation that all companies who have customers within the EU need to comply with. So, even companies outside the EU have to comply with GDPR if they have customers from the EU. Well, despite GDPR day being the most highly anticipated since Y2K, some companies still weren’t prepared. A number of newspapers from our friends across the pond, including the LA Times, were so unprepared that they had no choice but to shut out their European audience. Cut to one month later, and you’ve guessed it, you still can’t access the website from a European VPN. Sort it out, guys. We miss you.
4. So lonely…
Remember when you were younger and you always got so excited about receiving an email? Remember when that feeling stopped when you became inundated with ads and spam? No doubt your inbox bubbled over with emails leading up to the 25 May deadline with organisations reminding you to opt-in. Granted, you may have received a lot of emails, but if you weren’t on top of them you may no longer be receiving emails from those few sacred sites you actually want to hear from. Now if you only have emails from some spammy sites you need to get out there and sign back up to your OG favourites. (Credit to Lucy Nichol for this one)
5. Clear as mud
GDPR is complicated enough without companies making it even worse for themselves and their customers. Take Halifax Bank, for example. It was as if they were trying to create a debate as controversial as ‘The Dress’ debacle of 2015 when they invited customers to guess whether the blue or white tick box was opt-in or opt-out. Come to think of it, is this really a fail or the next big internet sensation? Nope, we’re going to stick with fail.
GDPR doesn’t need to be difficult
So if you felt overwhelmed by GDPR information, all we can say is no wonder, when we see the blundering confusion it’s caused. Yes, it’s been hard, but it doesn’t have to be as hard as these websites are making out. Put simply, the General Data Protection Regulation is all about making sure that the customer is in control of the personal information they’re allowing companies to access, and making sure this information is handled safely. And for the more complicated bits, there’s a whole host of support out there to make sure your company is navigating GDPR with finesse not failure.
What was your favourite facepalm moment? Did it fall into our top five? Let us know by dropping us a line!
