Marketing Using Personal Data and GDPR Compliance

Hi all, I’ve seen a few posts regarding the data people collect and using email marketing with xxx,xxx amount of email addresses, and I just thought I’d create this topic to raise awareness slightly within the community and to also try and answer any questions regarding compliance people may have.

Although this law is aimed at the misuse of data from large companies, I think it is something we should all be aware of and take caution with.

So what is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

What is classified as personal data?
Any information relating to an identified or identifiable natural person

Can I send emails to a list I scraped or got from another source?
No. All individuals must give you consent to contact them and it has to be a positive opt in.

On my data capture form, can I have the marketing communications box ticked by default?
No. The consent has to be given freely and cannot be defaulted with ready-ticked boxes. You also cannot make the box compulsory to tick to complete the form/sign up, as this is directly impacting the individual’s decision to opt in, which needs to be made freely to be compliant.

I want to email businesses to try and get them as clients, can I still do this?
Yes you can as long as the email address you’re sending it to DOES NOT contain any personal identifiers.

For example an email address which was for a specific person at a company such as name@companyname.com who didn’t opt in is breaking the GDPR laws as it contains an identifier of personal information.

Whereas sending emails to addresses which don’t contain a personal identifier, such as hello@companyname.com, is GDPR compliant and doesn’t break the rules.

Does GDPR still apply to me if I live/am staying outside the EU?
Yes it does if you have clients inside the EU. If one of your clients is within the EU and they’re not GDPR compliant then this can potentially also make you liable and not GDPR compliant regardless of whether you’re in the EU or not.

If I’m GDPR compliant, but my clients aren’t, can I be liable for them?
Yes you can.

For anyone interested it is worth looking at how Wetherspoons in the UK handled the GDPR changes http://www.wired.co.uk/article/wetherspoons-email-database-gdpr.

They deleted their entire database because they couldn’t be sure who gave clear consent to receive marketing communications, and the person could have been intoxicated, which would have affected their judgement.

Anyone that wants to read up on GDPR and how to process data: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Any questions, I’ll try and give you guys an answer!

9 Likes

I heard about it too!

I will mess up a lot of things!

I hope I will not get any problems, and I will let a lawyer look over my website.

It will affect things quite a bit, but if people start implementing things now in anticipation of the changes we should be okay.

2 Likes

Nice one Alukus, thanks for the heads up. You being in a very structured agency environment must know what you are talking about as it affects you directly. A lot of us here are flying under the radar :-p

You say "If I’m GDPR compliant, but my clients aren’t, can I be liable for them? Yes you can."
Not sure I understand this. I am the client of hundreds, maybe thousands of companies in various fields. Alternatively, my clients do whatever the heck they want in their business dealings; I have no idea or way of knowing or interest in it either way. I am not a police detective. So we are all liable for each other’s GDPR breaches? This cannot be, as the entire planet would instantly be in breach, and it goes in the face of the concept of personal responsibility. Can you explain what you mean by this?

Another question… you say:

Does GDPR still apply to me if I live/am staying outside the EU?
Yes it does if you have clients inside the EU. If one of your clients is within the EU and they’re not GDPR compliant then this can potentially also make you liable and not GDPR compliant regardless of whether you’re in the EU or not.

This implies that the GDPR will apply to almost the entirety of online businesses. Do you think this is realistic? I mean, there are a ton of EU regulations that are routinely ignored by the very governments of the EU states, let alone their citizens, let alone people and companies outside the EU. Is there provision for some kind of global enforcement agency with far-ranging powers in foreign sovereign states to enforce the GDPR, or is this in the realm of fantasy on the part of the Eurocrats?

So GDPR has been active for 5 hours. Has anyone gotten a notice of non-compliance yet?
They can’t do much if your company is not located in the EU, as it is extremely hard for them to execute a fine. However, if you are selling information scraped off the internet to European companies, you are in for a bad one, as that information has now become completely useless for them.
Also, for your business to be shut down in the near future, people have to put in complaints. So hopefully you haven’t pissed off any clients of yours that know how easy it is to put in a complaint.
I mean, the only real problem here is that cold outreach in the EU is dead now.