Christmastime festivities can bring joy, but it can also bring out the ‘Scrooge’ in many of us. The Information Commissioner’s Office has published a blog which helpfully myth-busts some serious GDPR-inspired data privacy nonsense. The article came in response to the popular social media meme:

“He’s making a List, He’s Checking it Twice, He’s gonna find out who’s naughty or nice, Santa Claus is in contravention of Article 4 of the GDPR.”

Whilst funny, the ICO realises that uncertainty around the GDPR/Data Protection Act 2018 could put a stopper in Christmas festivities. The article outlined some serious examples of how GDPR was being wrongly applied. One example was a Christmas Fayre that saw teachers thinking they couldn’t tell parents what stalls they’d be running because of ‘express consent’ rules. The ICO noted:

“In short, you don’t always need consent to comply with GDPR – it is not the only lawful basis on which you can use someone’s personal information. For example, in this case, the school or PTA had a legitimate interest in being able to contact parents and volunteers.”

The article is useful to help people, especially data leaders, understand the scope of GDPR and how it can be wrongly interpreted with detrimental outcomes.