Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
He believes that he may use these lists to establish contact with potential new customers as long as he has an opt out/unsubscribe link in the email.
He may continue to communicate with existing customers as he has a business contract with them.
1. Advise if he can continue to contact those people on the current database that are not current customers or have details in the public domain.
2. Advise if it possible to hold sensitive personal data that identifies their religious beliefs (eg a priest or reverend).
3. Is it possible to proceed with purchasing databases from list brokers to ensure compliance with GDPR?
4. If he is handed a business card at a meeting or event, can the contact’s details be added to the contact database without their written consent?
An swers:
1. If you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls etc) legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.
You can check out our webinar “How GDPR Affects Marketing Practices” (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/);
2. Processing of sensitive personal data would require explicit consent from the individual as per EU GDPR art. 9 –“ Processing of special categories of personal data” (https://advisera.com/eugdpracademy/gdpr/processing-of-special-categories-of-personal-data/).
3. Not sure about that, it highly depends on where did the broker received the list from. Regardless if you obtain the data from another source you need to make sure you comply with the provisions of EU GDPR art 14 – “Information to be provided where personal data have not been obtained from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject/).
To learn more about Privacy Notices check out or webinar “Privacy Notices Under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/)
4. Usually business cards contain contact information about a representative of a company and these information can be used to communicate and convey B2B messages. If you only use this for B2B communication this only “opt-out” is required.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
May 21, 2018