[DanBC]

It's interesting that you mention charities, because as we know in the UK many of them were breaking the law and there has been considerable regulatory action to bring them back into compliance with the existing PECR and DPA.

The fact that they're all contacting people saying "We need to re-gain permission under GDPR" just means that a bunch of organisations were, and still are, clueless about data protection. This, combined with the lack of fines, should be somewhat reassuring to the GDPR sceptics. The laws are widely broken; the regulator hasn't been seeking fines; this is unlikely to change in future under GDPR.

[Silhouette]

I had a different impression from the charity contacts I have, but let's assume you're right for this discussion. Doesn't that mean the only practical effect of the GDPR on these organisations is that instead of funding research to help people who had a stroke or providing water to villages in Africa or whatever other desirable work they would normally be supporting, they're spending time and money on legal technicalities that aren't going to make any meaningful difference to anyone? I still don't see how that's a good thing.

As someone supporting these charities and whose personal data is being used to send the updates on what they're doing, I (and others in a similar position) am the person who is supposedly being exploited undesirably and in need of protection here. And yet, as I wrote before, I was quite clear about what I was expecting to happen when I filled in each form, and none of the charities I deal with regularly has ever done anything I would consider abusive or beyond what I knowingly agreed to. I really would prefer it if they didn't have to waste their resources on this and instead spent them on whatever good work they would normally do, but since every single one of them has contacted me anyway, I have to assume that something about the GDPR-related changes is preventing that from happening.