What’s the Difference between Consent and Legitimate Interest?
Consent and legitimate interest are the two legal bases for processing likely to interest marketers. It’s possible that under certain circumstances, consent might be required for marketing data processing, but for most situations, ‘GDPR Legitimate Interest’ will be most suitable.
Are Consent and GDPR Legitimate Interests still Relevant?
Yes, in some cases, but you need to apply the three-part test and ensure that you comply with other marketing laws. Recital 47 of the UK GDPR says: “The processing of personal data for direct marketing purposes may be regarded as carried out for a GDPR legitimate interest.” If this is the case, then it is likely that ‘legitimate interests’ could be the way for you to go.
Do You Need Consent for Legitimate Interest?
Frequent questions revolve around the re-consent of data and usually involve the best way of getting around this problem. You should decide which way to go based on need. If consent is the best way to go, it should be because your use of data presents a risk to the rights and freedoms of the individual. It is more about making sure that you are on the right lines of a legal basis.
If we re-consent our whole database, will we become GDPR compliant?
Yes, true, you will become GDPR-compliant. However, you are likely to lose the large majority of your company database during this, as well as a large percentage of your revenue, and then only have ICO consent to send out marketing communications. Also, we have seen hundreds of companies asking us (another business) to consent to their marketing, even businesses that we have never dealt with. Therefore, people think they have no other choice than to re-consent their whole business database. But there are other options to remain GDPR-compliant.
How do You Stay GDPR Compliant…
This list is the processing that GDPR covers. It is the activity that you are likely to be undertaking in a business-to-business scenario using GDPR legitimate interests under the Data Protection Act. The confusion stems more from electronic marketing such as emails, SMS and social media.
However, you still do have some work to do. Don’t just sit back and relax, thinking there is nothing for you to do. The two legal bases for processing that are likely to be of interest to marketers are ‘consent’ and ‘GDPR legitimate interests’. In most situations, ‘GDPR legitimate interest’ will be most suitable, and under certain circumstances, ‘data consent under GDPR’ may be required for marketing and data processing. Therefore, the choice of the basis is very important as choosing the wrong basis will cause you to find it difficult to meet the needs of that basis.
The Data Protection Network (DPN) Guidance
The Data Protection Network (DPN) has kindly produced some quality content and guidance on legitimate interest, which includes a template to help you with the GDPR legitimate interest assessment. To sum it up:
Figure out what data you have, what you are using it for and what you can use it for.
Apply the test using the template in the DPN guide. Make your decision. Can you justify using GDPR legitimate interest, or will it require consent?
Making the right choice is based on need. Furthermore, if consent is the best way to go, then this should be because your use of the data presents a risk to the rights and freedoms of the individual. But if this isn’t the case and your GDPR legitimate interest assessment says to use legitimate interest, then you can use it. There is no need to put your business through unnecessary pain and stress and customers through unnecessary inconvenience if you don’t need to.
8 Facts You Didn’t Know About GDPR And Data Protection
The GDPR is a European regulation intended to protect citizens’ privacy while using the internet. It was put in place to prevent large companies from unethical practices. However, the changes have increased the expectations of internet GDPR privacy shield. Here are eight facts you didn’t know about GDPR and data protection.
GDPR replaces the 1995 Data Protection Directive.
It strengthens EU data protection rules by giving individuals more control over their data and establishing new rights. GDPR applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside the EU.
The GDPR requires companies to get explicit consent from individuals before collecting, using or sharing their data. Companies that process the data of children under sixteen must obtain parental consent.
Brexit won’t affect the GDPR policy. While Brexit may cause uncertainty regarding the data protection laws in the UK, the reality is that it will not significantly impact GDPR. The GDPR intends to give EU citizens more control over the personal information they share with businesses.
This includes personal information such as name, email address, and date of birth. Furthermore, the GDPR ensures that companies are not allowed to store this information without consent and promotes fair use of personal data.
Even if the UK does leave the EU, it will remain the supervisory authority for data processing under EU GDPR. The UK is not a member of the EU, but it will still need to appoint a representative to meet the GDPR’s requirements. While the UK won’t be a member of the EU, it will be required to select an EU representative.
If the UK leaves the EU, the European Commission will issue an adequacy decision allowing personal data to flow from the EU to the UK. Even organizations that don’t have an SCC can continue to provide appropriate safeguards for their data.
GDPR changes how we capture data
The GDPR has become a critical issue in digital marketing, as it regulates the use of personal data. As privacy becomes an increasingly important topic in the public consciousness, many leading brands have had to learn some hard lessons.
This regulation has changed the way digital marketers market to European consumers. US companies with European clients must comply with the new rules, or they may be subject to fines totalling hundreds of millions of euros.
Among the new requirements under GDPR is the concept of data protection by design and by default. This principle is found in Article 25 of the GDPR. Therefore, when launching a new app, it is crucial to consider the types of personal data it collects and how to secure it.
While some areas might be more complex, some general principles apply to all companies. Listed below are some fundamental principles to consider in building your new app.
Data Breach handling is going to be more stressful
Data Breach handling is becoming a more significant problem for organizations, as a data breach can ruin a company’s reputation and cost it money. Luckily, the GDPR is now in effect for any website that handles EU visitors.
The recent California Consumer Privacy Act applies to all websites as well. Moreover, sophisticated tools are now available to scan documents and emails automatically for sensitive data. But how do you know what you’re dealing with?
While large-scale data breaches are not the norm, they are more frequent. For example, 64% of Americans have suffered from a significant data breach. Australia reported 63 data breaches within six weeks. And a recent hack at a UK electronics retailer may have affected 10 million consumers. With so many data breaches and more regulations looming, it’s no wonder Data Breach handling will be more stressful than ever.
Three Of The Most Common Myths About GDPR And B2B Data
There is a lot of confusion surrounding the General Data Protection Regulation (GDPR), and many businesses are figuring out what it means to them.
Myth: GDPR only applies to consumer data
General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement to protect digital data privacy. The principle applies to any business that processes or intends to process the data of individuals in the EU, regardless of whether those individuals are customers or employees.
This means that GDPR applies to consumer data and the data of corporate employees. In addition, GDPR requires companies to obtain explicit consent from individuals before collecting, using, or sharing their B2B data lists. This makes GDPR one of the most comprehensive and stringent data privacy laws globally. As a result, companies that do business in the EU must comply with GDPR to avoid steep fines.
Myth: B2B companies don’t need to comply with GDPR
The EU General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement to protect their citizens’ data. The principle is also applicable to companies outside the EU that process the data of EU citizens. This means that any company that does business with Europeans, regardless of whether they are based in the EU or not, must comply with GDPR.
There are several misconceptions about GDPR, and one of them is that it does not apply to businesses that only deal with other companies (B2B). This is not true. GDPR applies to any company that processes or intends to process the personal data of EU citizens, regardless of whether they are individuals or businesses. Therefore, if your company deals with Europeans, you need to be compliant with GDPR. Failure to do so can result in heavy fines.
So, if you are a business that deals with European customers or clients, make sure you are up-to-date on GDPR and compliant with its regulations. It is essential for protecting your customers’ data, and it could save you a lot of money overall.
Myth: GDPR is too complex and challenging to comply with
The General Data Protection Regulation (GDPR) is a new EU data protection law that came into effect on May 25, 2018. The GDPR replaces the 1995 EU Data Protection Directive. It strengthens EU data protection rules by giving individuals more control over their data and establishing new rights for individuals. The GDPR also imposes significant fines for companies that violate its provisions.
Many companies have been concerned about the compliance burden associated with the GDPR. However, the reality is that the GDPR is not as complex or difficult to comply with as many companies think. Most companies already comply with many of the GDPR’s requirements, such as obtaining consent from individuals before collecting their data.
The key to compliance is to have clear and concise policies and procedures in place and ensure that all employees are aware of and adhere to these policies. Then, with a little effort, any company can comply with the GDPR.
Top 5 Tips For Sending Effective Business Emails
In order to be successful in business, it’s essential to have strong communication skills. And one of the most crucial forms of communication is email marketing. But if you want your emails to be read and acted upon, you need to make sure they’re well written and formatted. So here are our top 5 tips for sending effective business emails.
Keep your emails short and to the point
Keeping your emails short and to the point is an effective strategy for sending business emails. When you write concise emails, you’re more likely to get your point across clearly and concisely. Additionally, shorter emails are less likely to be ignored or forgotten. So if you want your business emails to be read and acted upon, keep them short and sweet.
Use an appropriate subject line
Your email’s subject line is essential because it’s the first thing your recipient will see. So make sure you use an appropriate subject line that accurately reflects the content of your email. Personalise your B2B marketing campaigns, because a good subject line will grab the reader’s attention and make them want to read your email. Conversely, a poor subject line will do the opposite.
Use a professional email signature
Your email signature is another vital element of your business email. A professional email signature should include your full name, job title, company name, and contact information. Having this information in your signature makes it easy for recipients to get in touch with you. Additionally, a professional email signature gives your emails a more polished and professional look.
Proofread your emails
Before sending any email, it’s essential to proofread it for spelling and grammatical errors. Nothing looks worse than an email full of mistakes, so make sure you take the time to proofread your emails before hitting the send button.
Use a polite and professional tone
When sending business emails, it’s essential to use a polite and professional tone. Avoid slang or jargon, and don’t be too informal in your email communications. By maintaining a professional manner, you’ll ensure that the intended recipients take your emails seriously and read them.
It is essential always to use a polite tone when it comes to business emails. This is because you want to come across as professional and respectful. Using a rude or condescending tone can make the recipient feel uncomfortable and damage the relationship. To avoid any potential misunderstandings or conflict, it is best to err on the side of caution and use a polite tone.
Another critical aspect of business emails is to be clear and concise. This means that you should avoid using any unnecessary words or phrases. Instead, be sure to get straight to the point so that the recipient can easily understand your message. In addition, try to keep your email as short as possible.
By following these tips, you’ll be well on your way to sending effective business emails. Remember, communication is key in business, so make sure your email data is clear, concise, and professional.
Buy GDPR Compliant Business Data
GDPR strengthens EU data protection rules by giving individuals more control over their data, establishing new rights for individuals, and imposing stricter fines for companies that violate the regulation. It applies to all businesses that process the personal data of EU citizens, regardless of where the company is located.
How will it comply with GDPR-compliant business data?
There are several steps that companies must take to comply with GDPR.
The first is to appoint a Data Protection Officer (DPO). The DPO ensures that the business complies with GDPR and handles data protection concerns.
The second step is to develop policies and procedures for collecting, using, and protecting personal data. These policies and procedures must be designed per GDPR compliance requirements and made available to all employees.
The third step is to ensure that all employees with access to personal data are trained on properly handling this information.
Lastly, businesses must put in place systems and processes for maintaining compliance with GDPR on an ongoing basis. Do you hear a lot of nonsense about GDPR, or are you not sure what is not true?
Five Steps To Maintaining A GDPR-Compliant Database Post-Brexit
Most companies are still unprepared for GDPR EU policy, and there is a lot of confusion surrounding how to maintain compliance.
We will discuss five steps that you can take to ensure that your database remains GDPR-compliant after Brexit.
Educate your team about GDPR and the implications of Brexit
One essential step in maintaining GDPR compliance is educating your team about the regulation and what it means for your business. This includes understanding the requirements for data collection, storage and destruction. It’s also essential to remain aware of the rights of individuals under GDPR, such as the right to access their data or have it erased.
Make your team aware of the penalties for non-compliance, which can include fines up to €20 million or four per cent of annual global turnover, whichever’s greater.
With GDPR and Brexit, there are a lot of unknowns. But by educating your team and staying up to date on the latest developments, you can ensure that your database remains compliant.
Review your data collection procedures and identify any areas that need improvement
One of the main requirements of GDPR is that companies must have a legitimate reason for collecting and processing data. You need to justify why you are collecting each type of data, how it will be used, and how long it will be stored.
You should also review the security measures you have in place to protect data. This includes encrypting data at rest and in transit and implementing access controls to restrict who can view and edit data.
By reviewing your data collection procedures, you can ensure that you’re only collecting the data you need and that it is protected.
Create a data retention policy and ensure that all employees are aware of it
One of the essential requirements of GDPR is that companies must have a process for destroying data that’s no longer needed. Even if you have a data retention policy in place, it’s crucial to ensure that all employees know and understand their responsibilities regarding data destruction.
Implement data loss prevention measures to protect your information from accidental or unauthorized access
Data loss prevention (DLP) is a process or technology that helps organizations protect their data from accidental or unauthorized access, destruction, alteration, or disclosure.
There are several different DLP measures that you can implement, but some of the most common include:
Restricting access to data. – You can restrict access to data by implementing user authentication and authorization measures.
Encrypting data. – You can encrypt data at rest and in transit to protect it from being accessed by unauthorized individuals.
There are many other DLP measures that you can implement, but these are two of the most important. By implementing DLP measures, you can help ensure that your data is protected.
Regularly audit your database to ensure that it is compliant with GDPR standards
One of the best ways to ensure that your database remains GDPR-compliant is to audit it regularly. This means checking to ensure that all of your data collection procedures comply with GDPR, that your data is being securely stored, and that you have a process for destroying data that is no longer needed. By following these steps, you can help ensure that your database remains compliant with GDPR after Brexit.
BDP And GDPR Compliance Requirements
Our FAQs on GDPR and Compliance Requirements
One of our new clients recently asked us for further information on the new Data Protection Act and the General Data Protection Regulation. So we have included here a transcript of our call to assist others, alongside some of the common questions asked to UK B2B data providers in the industry on GDPR policy and requirements for compliance:
Which legal basis do you use to collect your data?
The legal basis which we use to collect our data is GDPR Legitimate Interest. So when we contact a company, we ascertain their interests in 3rd party marketing. Therefore, this is in line with the ICO requirements. So we can ensure that we can align specific interests with our client’s requirements on a case by case basis.
Have you complied with the fairness and transparency requirements of the DPA?
We have complied with the fairness requirement of the law as we promise not to mislead companies when we are obtaining their data. Also, we consider how the data we obtain is used and if this could harm them.
We have also complied with the transparency requirement of the law, as we are clear and honest about who we are as a company and why we select their data.
Can you provide me with documentary evidence of your adhering to GDPR compliance requirements?
Yes, please see our data resources page on our website for more information.
If a data subject from the list you have supplied me with contacts me to object to their information processing, what will you do?
If a data subject objects to their information processing, we will remove them from the database and replace your contact as part of our 100% guarantee.
How do you keep the data list which I licence from you accurate?
To keep the data you licence from us accurate, we check our telephone records with BT and our direct mail records with Royal Mail. Then we cross-check them with our own market research, ensuring that the data lists we supply to you are accurate.
Do you have a point of contact for Data Protection?
Yes, please send any enquiries marked for our Data Protection Officer to the email address on our contact us page.
Will I need to do anything differently to how my business operates when I use the business list you have supplied me with?
When you are using the data list we have supplied you with, you do not have to do anything new as long as there is a GDPR legitimate interest. Business Data Prospects, as the supplier, is compliant with the GDPR when we are collecting data and carrying out market research. We will discuss any other additional requirements with you that are unique to your order at the time.
We hope that we have provided you with the answers you were looking for, and we hope you choose us as your data list provider. Further reading is available in our GDPR section, GDPR in a positive light. Don’t hesitate to contact our team of experts if you have any data questions about GDPR or how to maintain compliance. We are here to help!