Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

We might have had two years to prepare for the introduction of the new General Da ta Protection Rules (GDPR) but it seems every business left it to the last possible minute before bombarding us all with opt-in emails and if you’re anything like me you used the time as the perfect opportunity to cleanse your inbox.

But then, just as you thought you’d overcome the barrage of emails, a second wave arrived. This time to tell you they’d changed their privacy policies and most people, understandably, hit delete and failed to take any notice.

n

So, what have we learnt about GDPR since its launch on Friday?

Many US news websites were unavailable to readers

Websites, including the Los Angeles Times and the Chicago Tribune were and still are blocked to al l readers based in Europe, due to what publishers Tronc and Lee Enterprises described as "technical compliance issues".

The publishers, which is responsible for 46 daily newspapers across 21 states, posted the followi ng statement across all of the unavailable sites:

We are sorry. This site is temporarily unavailable. We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including t
he EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time." Chaos, and a lack of understanding of what GDPR actually entails.

According to the Daily Teleg raph, many organisations have "felt confused and stressed" about GDPR, even after speaking to the Information Commissioners Office (ICO) who should have been the ones to put people’s mind at ease.

As a result, the Chu rch of England believed their priests were no longer able to pray out loud in church for their parishioners, who have not given their consent.

A charity, who deliver meals on whiles to elderly and vulnerable people, including m any with dementia, were led to believe that they "needed to send a two-page letter to each client outlining the provisions of GDPR and asking permission to continue to hold their data.

Both of these issues have now been cl eared up – but it is worrying that despite so much being written about the changes so much confusion is still being felt.

Speaking to Radio 4's Today programme on Friday, Elizabeth Denham, the Information Commissioner, reassur ed small businesses that they will not be punished for failing to be ready on time.

"Small businesses should not panic," she said. "We are not looking for perfection. It is nonsense to think regulator will make an early example of small businesses."

Whether this will ease people's minds remains to be seen, complaints were filed within hours of the new rules being put in place. It took just a few hours before the first complaints were filed, with Facebook, Google, Instagram and WhatsApp all accused of forcing users to consent to targeted advertising to use the services.

The Privacy group noyb.eu, which is led by activist Max Schrems said people were no t being given a "free choice".

"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' fre e opt-in consent," said noyb.eu in a statement.

"GDPR is very pragmatic on this point: whatever is really necessary for an app is legal without consent, the rest needs a free 'yes' or 'no' option."

Max Schrems added: "Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases."

Click here to test how much you know about GDPR