Where a company has an existing mailing list for emails, is consent required? If they're already doing business with the company, is consent required? Is consent required before sending an initial email?
Assign topic to the user
Expert
Andrei Hanganu
Jan 18, 2018
Answer:
As regards to the existing emailing list, if the legal basis for processing, where consent has been given under the Data Protection Directive, it will continue to be valid under the Regulation if it also meets the requirements of the Regulation. For example, check that when you obtain the consent you were not using pre-ticked boxes and the request for consent was separate from other matters.
If you have emails of partners you can use “contract necessity as a legal basis for processing assuming you have an already existing contractual arrangement".
As for obtaining the consent by contacting the data subject on email, I would advise against that because by sending an email you are already processing personal data and you would need a legal basis for this.
As key take always:
- Review your existing processes to obtain consent to establish if they are valid under the Regulation;
- Consider if you can rely on an alternative basis for processing;
- If you do want to use consent, put in place processes to record and act on a withdrawal of consent.
Comment as guest or Sign in
Jan 18, 2018
Jan 18, 2018
Jan 18, 2018