Don't get caught out!

Kaspersky Lab offer a whitepaper on GDPR ... along with an example of what not to do!

Do you feel prepared for GDPR?

Kaspersky Lab wrote a blog on 25th May 2017 entitled “How GDPR will affect your business”.

It talks about GDPR in outline, and shares some headline statistics about how data subjects feel about the exposure of their personal data. Interestingly, they say '50% of businesses feel they are prepared for GDPR'. It is a teaser for their full report, which they offer as a white-paper for download.

So here is the kicker, to get the white-paper, you must fill in a few details, all marked “*”:

  • First Name
  • Last Name
  • Company Name
  • Email
  • Number of PC's in your Company
  • Country

Given their reputation, the subject matter of the report, the headline, and the content, you would expect Kaspersky Lab are fully up to speed with the requirements of GDPR. And indeed, in line with requirements for consent to be valid under GDPR, there is an un-ticked box.

By ticking the box you agree to the following statement:

In order to get access to Kaspersky Lab’s GDPR white paper, I explicitly consent to the collection and processing of my personal data, as inserted in the registration form above (entry fields in the registration form marked “*” are mandatory), by Kaspersky Lab UK Ltd. I consent to Kaspersky Lab UK Ltd contacting me and providing me with advertising information on Kaspersky Lab’s products and services via email. This information will include personalised promotional offers and premium assets like whitepapers, webcasts, videos, events and other marketing materials and related offers.

I am free to withdraw my consent at any time, by clicking the unsubscribe link included in all promotional emails or by emailing Kaspersky Lab at

For general information about the processing of your personal data by Kaspersky Lab please see Kaspersky Lab’s Privacy Policy.

The requirements for consent to be valid under GDPR are explicit.

  • You must give clear consent
  • By a positive affirmative action
  • You must be clear about how your personal data must be used
  • You must be told you can withdraw your consent at any time
  • It must be as easy to remove consent as to give it

Sounds good, but wait!

GDPR says “… the request for consent shall be presented in a manner which is clearly distinguishable from other matters” and also “When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional upon consent to the processing of personal data that is not necessary for the performance of the contract.”

Does the phrase “In order to get access … ” sound clearly distinguished? To download a white-paper (which is the contract), is it necessary to know your email address? Or your name?

One last question (your Honour), which 50% of businesses does Kaspersky Lab feel they are in?

If you need proper advice about GDPR, contact us!

FREE initial consultation!

Call now on 0800 2800 679