Kaspersky Lab offer a whitepaper on GDPR ... along with an example of what not to do!
Kaspersky Lab wrote a blog on 25th May 2017 entitled “How GDPR will affect your business”.
It talks about GDPR in outline, and shares some headline statistics about how data subjects feel about the exposure of their personal data. Interestingly, they say '50% of businesses feel they are prepared for GDPR'. It is a teaser for their full report, which they offer as a white-paper for download.
So here is the kicker, to get the white-paper, you must fill in a few details, all marked “*”:
Given their reputation, the subject matter of the report, the headline, and the content, you would expect Kaspersky Lab are fully up to speed with the requirements of GDPR. And indeed, in line with requirements for consent to be valid under GDPR, there is an un-ticked box.
By ticking the box you agree to the following statement:
In order to get access to Kaspersky Lab’s GDPR white paper, I explicitly consent to the collection and processing of my personal data, as inserted in the registration form above (entry fields in the registration form marked “*” are mandatory), by Kaspersky Lab UK Ltd. I consent to Kaspersky Lab UK Ltd contacting me and providing me with advertising information on Kaspersky Lab’s products and services via email. This information will include personalised promotional offers and premium assets like whitepapers, webcasts, videos, events and other marketing materials and related offers.
I am free to withdraw my consent at any time, by clicking the unsubscribe link included in all promotional emails or by emailing Kaspersky Lab at firstname.lastname@example.org.
The requirements for consent to be valid under GDPR are explicit.
Sounds good, but wait!
GDPR says “… the request for consent shall be presented in a manner which is clearly distinguishable from other matters” and also “When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional upon consent to the processing of personal data that is not necessary for the performance of the contract.”
Does the phrase “In order to get access … ” sound clearly distinguished? To download a white-paper (which is the contract), is it necessary to know your email address? Or your name?
One last question (your Honour), which 50% of businesses does Kaspersky Lab feel they are in?