Many RISC OS users will have noticed an email or two arriving lately from RISC OS companies about personal data, privacy, and communications. Those emails almost certainly mention something called GDPR – the General Data Protection Regulation – which comes into force on Friday, 25th May, 2018 – the day after tomorrow.
Without going into any depth, the GDPR sets a new standard for protecting personal data, and giving control of that data to the people who actually own it – the people the data is about, such as you, or me. The general crux of those emails, therefore, is to tell you how the companies that sent them handle the information they hold about you. They may also seek your permission to communicate with you about products, promotions, special offers, and so on – and possibly even give you the option to be forgotten about.
In most cases, you will find a link within the email you can click to notify the sending company that you do wish to continue to receive emails from them – for example, RISC OS Open Ltd may want to notify developers who have purchased their C Tools that new versions are available (although their email, strangely, told its recipients what to do to no longer receive emails – do nothing – but failed to include either a link or instructions on what to do to continue receiving them.)
R-Comp have similarly sent out emails to customers, but they have also made a more general announcement, in case there are any customers who were missed from their emails, which they have copied to the RISCOSitory news address.
The company makes the point that they use your data to verify you as a customer of a given product, and therefore your eligibility for upgrades, to provide support, and so on. You can have yourself removed from their databases any time you like – on the understanding doing so will “make it impossible1 for us to provide support/upgrades/warranty or other services that you might reasonably expect. We simply won’t know you exist (as far as our products / services are concerned)!”
The announcement offers four main options, and asks that any R-Comp customer who has not already responded to one of the emails does so in response to this more general item, by sending an email to R-Comp, either at firstname.lastname@example.org or “the usual” R-Comp/RCI email addresses, with one of the following four subject lines:
- GDPR – I CONSENT – to give consent to your data being kept, and to possibly receiving emails (which the company very rarely sends anyway, except in reply to people).
- GDPR – REMOVE – to be removed completely from the company’s databases.
- GDPR – NO CONTACT – to remain on the company’s database, but opt out of receiving emails (which, as noted above, is a rare thing anyway).
- GDPR – DECEASED – to report that a customer who is on the database is deceased2.
If you are asking to be removed in any way, R-Comp asks that you include some identifying information in the body of the email, such as your name or postcode, in case you are now using a different email address than when you became a customer.
They also note in the announcement that none of your data is held on publicly accessible servers and that they don’t store credit card numbers or other sensitive data. (I understand that if you have your card number stored in !Store, it’s kept on your computer and only transmitted to R-Comp when you are making a purchase).
- I’m not entirely convinced that ‘impossible’ is true here – especially if your purchase was made using (for example) a credit card. In such cases there need to be records for accounting purposes, that would be exempt from any request for removal. For purchases in cash (which is often the case at shows), that’s another matter – but looking at it from another angle, there are laws that protect you as a customer to ensure you are not sold goods and services that don’t live up to your reasonable expectations, which is where that magic word “warranty” comes into it. It may be that companies – not just R-Comp – need to think more about providing something to use as proof of purchase when making cash sales at shows.
- R-Comp’s exact words here were “to report that someone is no longer alive.” It’s fairly obvious they meant customers – but that wording provides an ambiguous invitation to someone with a suitably twisted sense of humour (ahem) to send them emails about not just every death they hear about, but also to visit cemeteries and send them an email about the names found on each and every headstone, which they obviously don’t want!