GDPR: What to do with a business card...
You're networking, just finished a meeting or been introduced to a new potential client... you exchange business cards, a familiar process. But what do you do with that business card? With the new GDPR legislation, you may have to think twice about how you email your new found acquaintance.
This is a point being raised repeatedly by businesses in my GDPR consultations, and I thought a useful one for me to blog about.
Ask yourself: if you give someone a business card, are they also giving you permission to use their details to contact them... including sending direct marketing, for business purposes?
Let me make one thing clear...
I do not believe that handing over a business card permits being added to a direct marketing list. Yes – the chap can contact me to follow up on whatever we were discussing or even to discuss other matters – but direct marketing? Not to my mind. This is the advice I am giving to my clients.
We are aware that Recital 47 provides that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. However the EU Commission have given clarity in addition to the clear three stage test (Interest? Necessity? Balancing?) that direct marketing can only take place where there is a client relationship in place (and the organisation cannot rely on contract necessity / legal obligation). Furthermore existing PECR (and the new draft e-Privacy regulation) indicates that direct marketing requires consent.
So don't fall foul of the changes that are coming, get yourself up to speed. No business wants to be fined for breaking the new GDPR legislation and they certainly wouldn't want the bad PR it would bring! If you don't have another lawful basis upon which to process their personal data.... imprint the word 'CONSENT' on your memory.
If that isn't enough and you want personal guidance and advice, contact me: email@example.com. I'd be happy to do a tailored workshop for your business.