GDPR, which will come into force on May 25, will make it mandatory for businesses to obtain "clear and precise" consent from their customers in order to store and process their personal information. With the privacy legislation a little more than a month away, it is expected of businesses to contact their customers and to obtain their clear and precise consent before 25th May.
However, a new study by Databoxer has revealed that only a third of consumers in the UK have so far been contacted by firms that hold and process their personal information. According to Tim Haynes, co-founder at Databoxer, brands still don't know where to start when it comes to getting permission from consumers to use their data.
"I'd strongly advise businesses start a repermissioning campaign ahead of the GDPR date. Use content your subscribers are already getting as an opportunity to demonstrate the value of their subscription. Alongside content on your landing pages, present them with the opportunity to reconfirm they want to continue to hear from you," he said.
The firm added that considering that on average, a consumer is signed up to 12 marketing email lists, the fact that only one in three consumers have been contacted so far suggests that the number of firms who have initiated the "repermissioning process" is quite low.
According to Lee Munson, a security researcher at Comparitech.com, The fact that the majority of businesses have not yet been in contact with their customers to confirm they still have their consent to handle or process their personal data is "quite scary indeed".
"While I suspect those that have are among the larger organisations within the UK, the smaller (and tardier) among them are, quite worryingly, likely to be living in a bubble of ignorance about GDPR, rather than simply dragging their heels," he told SC Media UK.
He added that those firms who have not obtained explicit consent to hold onto consumers' details for marketing purposes are "walking into a potentially very expensive area of non-compliance with the new European regulation".
"Any company that thinks it can wait until GDPR is fully in effect to obtain the required opt-in permission has already left it too late and any business that is still unaware of its obligations under the regulation is in very deep trouble indeed," he added.
A separate survey carried out by the London Chamber of Commerce and Industry in January had revealed that in London alone, one in four of firms had never even heard of GDPR. While one in three firms said that GDPR was not relevant to their business, another 21 percent of London-based firms said that they still needed to know more about GDPR to start preparing for it.