"The GDPR will require us to dump our existing customer marketing database and go out and re-seek consent from everyone!" is a concern often heard from clients' marketing teams - but is it actually true? This blog explores why the GDPR's new unambiguous and auditable consent requirements may not be quite as impactful for marketing teams as many fear...
The Court of Appeal has given its verdict on how far a data controller needs to go to comply with a data subject access request. The answer: pretty far. The impact: the motive of the data subject in making the request is irrelevant; the legal privilege exemption is not a catch all exemption; evidence must be put forward to rely on "disproportionate effort". The slight benefit: contrary to the Information Commission's Subject Access Code of Practice, the disproportionate effort ground may apply to searches for personal data, not just providing copies of data.