The General Data Protection Regulation (GDPR), which is to come into effect on 25 May, 2018, will affect many areas of the everyday life in your company – including e.g. labor-law agenda, personal data protection and arrangement of the required IT protection standards, or implementation of appropriate organization directives and other legal documentation.
The companies, however, ought to pay special attention to the processes which their operation is most dependent on, namely processes connected with promotion of sales of their goods and services, often in a form of direct marketing. Many firms have lists of potential customers to whom they sent emails containing advertisements or, as the case may be, they contact their prospective clients by telephone.
Although GDPR does not ban direct marketing per se, such processes need to be adjusted so they meet the GDPR requirements. Specifically, the following aspects ought to be taken into consideration:
- Under what legal title does your company process personal data (a consent vs. a “legitimate interest of the administrator”)?
- To what extent does your company process the clients’ personal data?
- Which form of communication does your company use to contact the customers (e.g. email, phone)? Does your company meet all requirements while doing so (such as information obligations in accordance with GDPR)?
- Is my personal data processing based on the customer’s consent? Would such consent be sufficient according to the GDPR?
Further steps are to be taken in accordance with answers to the above questions and the specific way of implementation will surely be affected by the forthcoming ePrivacy regulation which is to address some processes connected with direct marketing.
If you are interested in the topic, our legal team is ready to help your company with adaptation of your processes in the area of direct marketing in accordance with GDPR.
