General Data Protection Regulation
What is GDPR
The EU General Data Protection Regulation is the most critical aspect of European privacy legislation in the last 20 years. It is effective from 25th May 2018.
GDPR replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), concerning the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
How does GDPR Affect my Business?
The GDPR applies to associations handling and holding individual/personal data within the EU. It also applies to companies outside the EU that offer goods or services to individuals in the EU.
Personal data implies any data that can be utilized directly or in indirect way distinguish the individual. This could be anything from a name, Computer IP address, bank details or location information.
Depending on the severity of non-compliance companies can be fined upto 2% of global annual revenue or €10 million whichever is highest. It can go upto 4% for more serious breaches. These rules apply to both data controllers and processors.
Who Can I Call?
You can continue to cold call corporates and sole traders/partnerships provided the telephone numbers have been suppressed against the Telephone Preference Service and the Corporate Telephone Preference Service registers every 28 days as well as any in-house suppression files you hold. You need to always offer them the opportunity to opt out of future calls.
Who Can I Mail by Post?
You can send postal mailings to corporates and sole traders/partnerships.
Who Can I Email?
You can only email the contacts who have given you consent to contact them specifically for your company. GDPR applies as it covers data processing and data controlling.
What about Bought in Data?
Email addresses of corporate employees can be bought for third party email campaigns. Legitimate interests would be used to process this personal data as long as all the following criteria are fulfilled:
- A corporate is defined as a limited company, public limited company, limited liability partnership or government departments and can be emailed without prior consent (eg. firstname.lastname@example.org).
- Employees of corporates must be given the option to easily unsubscribe or opt-out from receiving email marketing.
- The product or service being promoted can be purchased by the recipient in a professional capacity.
- The sender must identify itself and provide contact details.
Privacy Statement update: July 2022
Wherever applicable it will also be notified to data subjects via email.