Marketing, customer satisfaction and loyalty
Satisfied customers will follow you everywhere

GDPR : don’t be afraid. Nothing will change.

Share This Post On

I was hoping something would change with the introduction of GDPR on May 25th. I was certainly not expecting that consumers would send a lot of requests to companies but I was hoping, at least, that bad practices would decrease under the pressure of the Data Protection Authority. I’m afraid I was wrong.

Read also: 30 days to read privacy policies: consent fatigue will make GDPR ineffective

Here’s a true story that shows that the Data Protection Authority (in Belgium) doesn’t show the expected proactiveness I was hoping to see. In fact their lack of reactivity will ensure that bad behaviors continue.

Step 1 : a sms received from an unknown number redirecting to a chatbot

On a Wednesday morning I received an intriguing sms from an unknown number. I didn’t quite understand the content of it (see screenshot below). A link was included that brought to a chatbot (see screenshot). This seemed very odd to me.

I had never heard of the company before (or at least I couldn’t remember it) and found it very odd to receive a sms (not mentioning talking to a bot).

I decided to call the company (it appeared later to be a recruiting firm). And surprizingly they knew me very well. They had my phone number, all my personal details and a complete copy of my CV in THEIR database.
They told me they had contacted me through the Monster platform. I checked and this was true but I had turned down their proposal.
Yet it seemed perfectly normal to them that because I had a profile on Monster they had the right to copy my data in their own CRM.

Read also: GDPR: what is consent and why it will impact customer satisfaction

Step 2 : Monster Belgium not aware of GDPR and not knowing what to do

The next step brought me to contact Monster and to bring to their attention that one of their clients was stealing data from them in violation of their confidentiality policy.
Surprizingly they found it perfectly normal. The employee who answered my complaint wasn’t aware of GDPR, didn’t know what it meant and was unaware of the steps to take.
I decided to undertake those steps for them and filled an official complaint with the Data Protection Authority.

Step 3 : the disappointing answer of the Data Protection Authority (DPA)

I received the DPA’s answer after 3 weeks, stating that I should contact the company and asked that my data be removed.
In case the problems would persist I could contact the DPA again, the letter said.

Conclusion

The Data Protection Authority’s answer shows that consumers are in fact not better protected than before and that bad and unlawful practices will continue.
What was expected from the DPA in that case was an investigation to find out how personal data could be retrieved from one trusted system (Monster) to be copied in another one without prior consent of the consumer. What was expected from the DPA was they stop this illegal treatment.
Rather they chose to look elsewhere and not to care. This is extremely disappointing.

Tags:

Author: Pierre-Nicolas Schwab

Pierre-Nicolas est Docteur en Marketing et dirige l'agence d'études de marché IntoTheMinds. Ses domaines de prédilection sont le BigData l'e-commerce, le commerce de proximité, l'HoReCa et la logistique. Il est également chercheur en marketing à l'Université Libre de Bruxelles et sert de coach et formateur à plusieurs organisations et institutions publiques. Il peut être contacté par email, Linkedin ou par téléphone (+32 486 42 79 42)

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *