Wetherspoon deleted its customer email database in possible preparation for GDPR

If you face a Risk, you can:
– Reduce / Mitigate – the default posture
– Transfer (no longer my problem)
– Accept (or sometimes it is a passive management decision: fake it and ignore :-/)
– Avoid

The post quoted below shows that avoiding the risk can be a good and cost-effective strategy to comply with GDPR. Good read.

“Like it or not, the EU General Data Protection Regulation (GDPR) is coming and companies aren’t entirely sure of the best method for avoiding the heavy fines that the regulation imposes for noncompliance. At the core, GDPR requires that people in the EU have the “right to be forgotten” from any system their personally identifiable information (PII) is housed in. In addition, the regulation forces companies to require consent from the individual before storing, processing, and using the PII.

At least one company is looking to remove as much risk as possible. According to Wired, Wetherspoon has simply deleted all of the email addresses from their marketing database. Instead, the company plans on marketing via social media channels, including its Facebook and Twitter accounts, as well as its corporate website. Wetherspoon is doing this to help prevent heavy fines that range from either 2%-4% of gross revenue or 10,000,000 EUR to 20,000,000 EUR, depending on which penalty is higher. Enforcement will go into effect in May of 2018.

“On a risk basis, it’s just not worth holding large amounts of customer data which is bringing insufficient value,” says Jon Baines, chair of The National Association of Data Protection and Freedom of Information Officers. “This could be the case even where the organisation is clear on which customers have given consent to marketing and which haven’t.””

Source: Wired

