GDPR – Is the fear justified?
Steadcross Director Ian Roberts LLB (Hons) provides an overview of GDPR and shows how the data protection regulations are to be respected and not feared by companies who rely on telemarketing for their business.
I keep hearing that with GDPR (General Data Protection Regulations) you won’t be able to cold call or send unsolicited e-mails to your prospects unless you have consent.
The scope of GDPR goes much wider than controlling when you can contact people. GDPR sets out rules that govern every aspect of storing and processing personal data. The ICO (Information Commissioner’s Office) guidance on GDPR runs to over 110 pages.
It is very important that you have a lawful reason to store and process the data – whether for marketing or any other purpose. Of the 6 lawful reasons that are set out in GDPR there are two that could apply to the use of data for direct marketing. These are ‘consent’ and ‘legitimate interest’.
Where you use ‘consent’, the rules around how the consent is obtained have been tightened up. Put simply, the consent must be a positive opt-in and specific to the type of marketing. In some ways consent would be the best lawful reason to use, so long as you are sure that you can get the consent that you need – you can’t change your mind later if the consent proves difficult to obtain. When buying lists you will need to be sure that the people on the list have consented to receive direct marketing that relates to what you are promoting – make sure there is an indemnity clause in the contract with your supplier.
It is important to get the lawful reason right first time as it is not usually possible to change it later, unless there is a significant change in circumstances. It may be more flexible and more appropriate to use ‘legitimate interest’ but you will need to produce a legitimate interest assessment to show that your proposals are proportionate and balanced against the rights of the individuals.
The choice of which lawful reason to use will need to take into account other pre-existing regulations; for example you will need to consider the Privacy and Electronic Communications Regulations (PECR) if you want to make direct marketing phone calls or send out marketing e-mails using ‘legitimate interest’. PECR is not new, it has been around since 2003. If PECR says that you need consent to contact someone then your lawful reason under GDPR must be ‘consent’ and you will not be able to use ‘legitimate interest’.
However, PECR does not require consent for making live telemarketing calls to anyone, nor does it require consent for sending marketing e-mails to employees of a company at their work e-mail address. As under current regulations, you must not make calls to numbers registered with TPS or CTPS, and you must give a clear method by which people can opt out of future contact. If you follow these restrictions you may be able to use ‘legitimate interest’ as your lawful reason for these activities. Full details of these rules can be found by going to the Information Commissioner’s website at www.ico.org.uk and searching for PECR.
GDPR consolidates and tightens up existing data protection regulations across the EU. For the time being it brings data protection and the use of personal data to the front of our minds. We should all take this opportunity to review how we process personal data and make sure that our privacy statements, data protection registrations, etc. are accurate and up to date.
- GDPR is a consolidation of existing data protection regulations across the EU
- Consent and Legitimate Interest provide a lawful reason to carry out telemarketing
- TPS and CTPS continue to provide individuals and companies with an opt-out that should be strictly observed
If you think Steadcross could advise on your approach to GDPR – including with your data mapping obligations – please contact us.
The information in this article is a high-level summary of our view of GDPR and is not intended as detailed guidance or advice. If you have questions about how GDPR affects your business please speak to your own legal advisers.
Ian Roberts is the director of Steadcross Solutions Limited, which offers various direct sales and marketing services under the Steadcross brand.