It’s just a jump to the left…and then a step to the riiiight!
I’ve no idea if that means anything to you, but I know that many people will now be hearing “let’s do the time warp again” in their heads.
I’ll be humming it for weeks.
And not just because Rocky Horror is back on stage in London (with Jason Donovan no less) if anyone fancies a trip down memory lane.
It’s because I’ve just been in a time warp of my own, with someone asking me a question that I didn’t think I’d ever be asked again.
Although in hindsight it was inevitable.
It seems that no matter how often I talk about the reality of GDPR, some people still think that it is a magic spell that covers everything and anything in relation to data.
Someone asks you to sign something – no because it’s a breach of GDPR.
Someone asks you to fill in a form – no because it’s a breach of GDPR.
Someone takes a photograph in public – you can’t do that because it’s a breach of GDPR.
It takes me back to 2018 when Jurassic Park was big in the box office (again), Facebook were in hot water (not for the first time) over data analytics and Donald Trump was in the White House……!
For my part, 2018 involved a lot of public talks on behalf of Harrow Council and similar organisations, where I explained to those in business and those just generally interested, what GDPR really meant. What it meant was having a policy on data protection, and making sure it was reasonable and you stuck to it. Obviously, there was a bit more to it than that, but what people often overlooked was that GDPR gave four different grounds for having someone’s data, and only one of them involved consent. The fourth “catch-all” clause, was legitimate interest which, of course, can cover a wide range of points.
The question that brought about this week’s time warp was whether my client could ask someone to provide a third person’s contact details. My client has a perfectly legitimate reason for wanting the information. They are not going to misuse or abuse it, they will keep it safe and secure whilst they have it, they will delete it when they no longer need it and they are not doing anything illegal to obtain it. So, it’s not a breach of GDPR. In fact, having been asked the question, my first answer was to ask why anyone would think it WAS a breach. It would be a bit like saying that in a divorce case, I can’t contact my client’s soon to be ex-spouse because I don’t have their express agreement for me to have their email details.
So, if anyone is trying to hide behind GDPR as a reason not to do something that you want or need them to do, I’d suggest you start by asking them to point you to the specific provision of the legislation that covers the activity in question. Or better still, ask me, and I’ll ask for you!
Kleyman & Co Solicitors. The full service law firm. Don’t dream it… be it!