GDPR question - b0ll0x or not?


mjr

Comfy armchair to one person & a plank to the next
The key is consent. You need to get consent, off all of the recipients, that they are happy for their email addresses to be shared. Otherwise, yes you need to use BCC.
I think consent should be viewed as an alternative to it being permitted for one of the other reasons listed in the regulations (to fulfill contractual obligations, for example). I suspect there are a lot of unethical people asking for over-broad consent so they can do naughty things with people's personal data in the future, but time will tell.

However, it seems unlikely that any of the other reasons would apply in the OP's example so, yes, I'd bcc or get consent.
 

Brains

Legendary Member
Location
Greenwich
BCC should be the default setting for circular messages.

Other than GDPR there are a number of other reasons to use BCC.

If someone hits 'reply all' rather than 'reply' then everyone gets the inane conversation back and forth.

People do not want to see large blocks of e-mail addresses on the top of the e-mail.

What idiot is still using the e-mail address they set up when they were a teenager, so just who is tinkerbell@hotmail or bubblebutt@gmail?

Most importantly, many companies (and even some ISPs) block e-mail with more than a few CC addresses; Barclays the company, for example, blocks at about 5 addresses, Vodafone the ISP blocks at about 50.
 

gavgav

Legendary Member
I'm not sure if we're talking about exactly the same thing but this thread got me thinking so much so I had a discussion with our compliance officer this morning and they are satisfied that single points of information is still in scope of the new regulations for emailing to other stakeholders.

I think GDPR is a bit of a minefield, not helped by the initial panic mode from many organisations, and some pretty dodgy guidance out there on some unofficial sites. I’m an Information Manager and so have spent many an hour in some pretty mind-numbing workshops on it so far!! The key, to me, is the word “consent”. It’s a very simplistic starting point and some scenarios do need a lot of digging into the guidance, but if you keep that word in mind, then you won’t go far wrong.
 
I think GDPR is a bit of a minefield, not helped by the initial panic mode from many organisations, and some pretty dodgy guidance out there on some unofficial sites. I’m an Information Manager and so have spent many an hour in some pretty mind-numbing workshops on it so far!! The key, to me, is the word “consent”. It’s a very simplistic starting point and some scenarios do need a lot of digging into the guidance, but if you keep that word in mind, then you won’t go far wrong.
Likewise, I am a senior information officer and spend many hours with our data protection officer. Some organisations have made a right Horlicks of it; I'd like to think we have made decisions which adhere to the legislation, the spirit of the legislation and the practical realities of the working environment. The ICO seems to be happy enough with our approach so far!!
 