Perhaps the most important provision of GDPR is that consumer consent for data processing must be “freely given” to be valid. According to the Information Commissioner’s Office’s guidance, this means companies can’t unnecessarily make consent a condition of accessing their service. You must give consumers a real choice.

This is a noble principle upon which all brands can base data-driven marketing strategy. But if GDPR isn’t consistently and effectively enforced, it will be a much less firm foundation.

Some of the most intriguing insights from Cambridge Analytica whistleblower Christopher Wylie’s evidence to Parliament last month were his observations about the ICO’s investigators.

The first was a well-known issue: that they are very few in number, relative to the nationwide enforcement task facing them. The second was more revealing: that not many have a sophisticated understanding of how databases work. That’s an even bigger problem.

As much faith as I have in the ICO’s integrity, independence and determination to uphold consumers’ rights, I fear for their ability to cope with the sheer scale of the task of enforcing GDPR.
Wylie complained he repeatedly had to explain the basic details of the data transfer that took place at Cambridge Analytica, and how this contributed to its ad targeting abilities. Furthermore, he said, in their hunt for evidence ICO investigators asked him the wrong questions; questions that betrayed deficiencies in their technical understanding; questions that a knowledgeable database engineer would not ask.

Sourced through from: