GDPR...rrrse! Mass-mail fail as German biz asks UK resellers for consent to use their dealer data
What's the worst subject line for an email CC'd to world+dog?
Car heating tech biz Webasto's cunning plan to get all its resellers to sign up to say they consented to having their data accessed, as required under GDPR regs, went a bit wrong when the German company accidentally CC'd a large number of people in its UK dealer network.
We'll spare the blushes of the person responsible (hi Jon!) but we will salute their quick thinking.
Within seconds of sending the email, subject line "Dealer Consent GDPR - FINAL REMINDER", they attempted to recall the message, which inadvertently resent it with the same names and addresses on display again. Oops.
A third email was even more successful in using the blind CC field.
BCC is hard, OK? Quite a lot of orgs blurted your email addresses in GDPR mailoutsREAD MORE
Still, it's not as bad the time NHS Digital blamed Accenture for mass-mailing 850,000 with a registered NHS.net email address. Or the reply-all debacle that happened not once but twice in consecutive months at Cisco.
We're not actually certain the episode at Webasto represents a genuine breach of the EU's General Data Protection Regulation and reckon the company can probably avoid compulsory reporting to the UK Information Commissioner's Office or any of Germany's Federal commissioners for Data Protection and Freedom of Information (BfDIs).
The reporter's equivalent would be writing a story pointing out someone else's stupid typo – you can guarantee such a story will have at least one stupid typo. (This is known in some circles as Murphy's law.)
We've tried contacting Webasto – which also makes chargers for 'leccy cars – for comment but haven't heard back. ®