Contracting and GDPR

2. We buy contacts data bases from Poland(EU) company for direct marketing purposes. Should we inform the addressee from these DBs about source of their contacts and is this business lawfully at all?

Answers:

1. To transfer personal data from EU to a third country certain safeguards need to be set up according to Chapter V of the EU GDPR “Transfers of personal data to third countries or international organizations” (https://advisera.com/eugdpracademy/gdpr-text/transfers-of-personal-data-to-third-countries-or-international-organisations/). One of the most used safeguards are the Standard Contr actual Clauses which were drafted by the EU Commission to regulate the transfer the data to third countries. To find out more about transfers of personal data check out webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).

2. When obtaining personal data from a third party you would need to provide to the data subject an adequate Privacy Notice as required by article 14 of the EU GDPR “Information to be provided where personal data have not been obtained from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject/). To find out more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).