avtur3 wrote: Is this reflective of big business not understanding (or different IT folks making different interpretations of) GDPR or is there perhaps something subtly different about the way I originally signed up to these organisations that warrants the different approach?
I would guess the former, in many cases.
There is an unbelievable amount of misunderstanding and misinformation about GDPR. Much of it is caused, AFAICT, by lawyers and 'consultants' whose main interest is the fees they can milk it for.
I have nearly 70 clients, all of whom are data controllers, and the vast majority of whom would IMHO be absolutely fine using Legitimate Interests to comply with GDPR (and all for the same reasons). With all the standard caveats, obviously, about transparency, documented processes, and giving people the right to withdraw if they wish.
Yet some have opted for consent, for no good reason other than the lawyers told them (without rational explanation other than 'caution') they must; some have had so much conflicting advice that they've put off doing anything until very recently, finally choosing Legitimate Interests as a backstop; some have attempted (until I suggested otherwise) a potentially disastrous halfway house, claiming Legitimate Interests but seeking consent as well.
The whole thing has been a complete mess so far. It's been compounded by the fact that until relatively recently the ICO guidance was not all that clear and/or easy to find, and the media and so-called experts have often been either plain wrong, or have focused on the wrong things - like the potentially enormous penalties for non-compliance, which only puts the frighteners on everyone.
I really hope it all simmers down, but I fear it's got a way to go yet.