Apart from weekly 99-word stories and checking the edits for my forthcoming anthology, I’ve rather neglected my own fiction in recent weeks. Partly because it’s planting and sowing season in my vegetable garden (a.k.a. feeding the slugs); partly because I’ve been grappling with the new General Data Protection Regulations which will become EU law later this week.
I think there’s a herd mentality afoot: if other people are asking recipients to resubscribe, shouldn’t I do likewise? Yet this seems to be a herd without a leader: a procession of kids leaving the town of Hamelin without a piper at the front. Or one of those dreadful chain letters that infected our school days before the digital age. Should I resist?
Because there are risks in sending that please-opt-in email. Like Theresa May calling a snap general election last year to strengthen her hand in the Brexit negotiations, it could backfire. Just as going to the people reduced her majority to the extent that she had to strike a deal with a party that cares so much about its electorate it fights to deny them the reproductive rights available in the rest of the UK, either through apathy or irritation, the numbers can go down. Some sources quote a miserly 10% response rate; that can’t be good for small businesses or the economy as a whole.
Besides, I believe my newsletter address list is already GDPR compliant. When I set it up, although tempted to include everyone with whom I’d ever been in email correspondence, MailChimp’s automation system required me to confirm I had permission, and I couldn’t lie. I can proudly say that everyone on my list has either subscribed through the sign-up form on my website or given me permission at an event. So what’s there to worry about, Anne?
Wouldn’t education be a failsafe route to getting it right? By sheer serendipity, just as I was starting to worry, I received an email from FutureLearn, not asking me to opt in, but inviting me (and thousands of others) to join a course on GDPR. Okay, it took time I didn’t have, with headache-inducing technical terminology, but surely it would be worth the effort? Sadly, although I’ve definitely learnt something, the lecturers from the University of Groningen seemed to have bigger issues in mind than newsletter subscription confirmations.
My next step was Twitter where, among the jokes from people who clearly didn’t share my own anxieties, I found this post on GDPR myths from the Information Commissioner’s Office blog. Hurrah! Refreshing consent is not strictly necessary. I can sit tight! Yet I found the following paragraph confusing:
It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act.
To my understanding, these are the circumstances in which we should seek consent. So the confusion continues!
Hopefully, everything will settle down eventually. I’m assuming, given recent exposés of some of the bigger players’ shocking disregard for privacy, GDPR will operate for the general human good. But, as when waging war against tyrants, ordinary people can find themselves casualties. I can’t believe that the threats to small businesses – in terms of the time required and potential loss of revenue in losing contact with some customers – is in the spirit of the law. But, hey, making things up is my raison d’être. Let’s hope this story has a happy ending.