Customers are asking me whether they need to do anything about the new GDPR regulations. They want me to tell them that either they don’t need to worry because they don’t have a mailing list, or they just need to send everyone their privacy policy and everything will be fine. It’s not as simple as that because data can be stored in many ways and for many reasons – you need to actually read the guidelines to decide what applies to you.
The best explanation I’ve seen is here so take a few minutes to read that. In particular, you may have “legitimate interests” for storing personal data even if you can’t demonstrate consent.
Don’t just email all your contacts “to be safe” as everyone seems to be doing this week. That in itself may be illegal and make the problem worse. But that doesn’t mean you have to wipe your address book either. The following link has more details: