A leading GDPR consultancy firm backed by the UK’s prominent cyber barrister has issued a stark warning over the UK's "shark-infested waters" which will become a "GDPR battleground".
While the dramatic intervention comes at odds against downplaying the legislation, the director of GDPR specialist ELIAS Partnership Richard Dutton has been meticulous in drafting the firm's advice, with careful council from leading cyber expert and barrister Dean Armstrong.
Speaking to C&IT, Dutton said: "Now that GDPR has come into force there has been lots of talk downplaying the new legislation.
"But this couldn't be further from the truth. On the 25 May - the day GDPR came into force - Google, Facebook, WhatsApp and Instagram were filed with €7.6 billion (£6.7bn) of complaints for allegedly seeking "forced consent" in their terms of service by privacy activist Max Schrems. This is the first high profile EU GDPR shark attack."
Dutton says that while these complaints are being pursued in France, Austria, Germany and Belgium respectively, the UK's "shark-infested waters will also be a GDPR battleground" as the privacy activists, consumer groups and claims management companies line up their targets to test Article 82 of the Regulation.
- Join C&IT at the second instalment of C&IT’s GDPR Roadmap for a tangible and practical guide on how to navigate this new GDPR setting. The agenda will include a "GDPR Legal Clinic" hosted by Dean Armstrong, barrister and acclaimed author of the book "Cyber Security: Law and Practice.
Dutton added: "There is incontrovertible evidence from the deluge of re-consent emails consumers have received in recent weeks that large numbers of companies have either misunderstood the GDPR or have been poorly advised.
"Did you get the email offering you a free £10 taxi ride if you consented to receiving emails from the taxi firm? Bad idea! You can't bundle consent like this as it has to be 'freely given'."
Dutton says that data-savvy consumers fed up with the email avalanche have already submitted their Data Subject Access Requests to those companies - who now have to respond within 30 days.
He says "Expect a flurry of complaints from 26 June against those companies that have not got their processes in place to deal with these requests.
"The GDPR shark has not gone away - it is still patrolling the UK's data waters - looking for its next victim."
For more features and breaking news sign up to C&IT Magazine's daily Newstracker here.