GDPR – What about my database?

  • Home
  • GDPR – What about my database?
  • 20
    Sep 17

GDPR – What about my database?

Tags : 

data entry keyboardEarlier this week I was speaking to a client about a problem he was having with his existing marketing database (which contains information about almost 18,000 contacts in a similar number of businesses). He wanted to prune the database as he was getting a bounce rate of close to 20% when sending out mailshots.  In passing I suggested that now would be a good time to look at General Data Protection Regulation (GDPR) compliance. He had not heard of the GDPR and when I suggested that the contacts in his existing database might not be usable after May 2018 he went very pale.

So what’s the problem with your database?

What might be the problems with using an existing database once the GDPR is enacted? It really all boils down to consent, and the lawful basis, for processing personal data that is held in your database. Most marketing databases will contain personal data of at least a name and an email address or phone number, which will then be sufficient to identify an individual.  Earlier this year the Information Commissioner’s Office (ICO) issued draft GDPR consent guidance.  This was a consultation process to gather the views of stakeholders and the public. The draft guidance states “if existing DPA [Data Protection Act 1998] consents don’t meet the GDPR’s high standards or are poorly documented, you will need to seek fresh GDPR-compliant consent, identify a different lawful basis for your processing (and ensure continued processing is fair), or stop the processing”.

From this if our client wants to continue using his database he has two options:

  1. Contact his entire database to obtain GDPR-compliant consent – however does he actually have consent to do this! Both Flybe and Honda Motor Europe fell foul of this and were fined by the ICO for breaking the current DPA provisions, let alone the new, arguably more stringent, GDPR provisions.
  2. Determine a lawful basis for continuing to use the contact information – earlier this month we looked at this in our blog. Other than consent there are 5 other provisions which might apply:
    1. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
    2. Processing is necessary for compliance with a legal obligation
    3. Processing is necessary to protect the vital interests of a data subject or another person
    4. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
    5. Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject

As this is a marketing database which our client uses to send marketing emails and make marketing phone calls, and many of the contacts are not customers or have not been a customer for sometime, it is difficult to identify any lawful basis for using the data other than that of GDPR-compliant consent.

What can you do?

So what should our client do? He really only has three options:

  1. Determine which of his contacts are an existing customer and be able to demonstrate that. If he can do this then it may be possible to send marketing information related to the products purchased but not about other products or services. There is some debate about how long after a purchase it is legitimate to consider some one to be a customer – this depends on the industry, the products being purchased and the frequency of purchasing by a normal customer. So this could vary from a few months to no more than 2 years.
  2. Determine which of his contacts have already given consent and be able to demonstrate that.
  3. As he has been sending marketing emails already to his database can he determine which contacts are actively engaging with this marketing by opening or clicking on the emails? If so then this might be a basis for showing an existing relationship. However, this is a very subjective area and our client would need to need to be able to demonstrate that his email marketing is a valuable service in its own right (is it providing useful information about industry trends and developments rather than information about his own services and products). This should take into account the value and utility of the emails and the cost, damage or detriment suffered to the contact if those emails were to cease.

Businesses are rightly concerned by the prospect of their databases become devalued assets in the event that the consents on which they rely are invalidated.  However, before beginning the (potentially mammoth) task of re-contacting an entire marketing contacts database at this stage, there are a number of important points to be considered; in particular, the evolving nature of the ICO’s guidance which should be issued in December 2017 and the new EU ePrivacy Regulation, published in draft/proposal form in January 2017, which contains more specific rules on electronic marketing – more on this in a future blog.

GDPR Preparedness Toolkit Seminar

This 2 hour seminar will help you, as you take your first steps towards compliance by sharing practical insights about implementing a data security based approach in line with the Regulation. You will learn about:

  • Why you have to comply with the GDPR and what might happen if you don’t.
  • The GDPR’s direct effect on your business and the transition timelines.
  • The steps to take in preparing for compliance.
  • The technical and organisational measures your business will need to adopt to comply with the Regulation.
  • A key assessment toolkit you can use to help you to achieve compliance.

The seminar will be held at The Birch Hotel, Heywood with easy access to the M60, M62 and M66 on:

  • Wednesday, 27th September 2017, 14:00 to 16:15SOLD OUT
  • Wednesday, 25th October 2017, 14:00 to 16:15
  • Wednesday, 29th November 2017, 14:00 to 16:15

Standard tickets are £25.00

Early Bird Discount tickets are £15.00 (available only if you book within 14 days of the seminar)

Contact us on 0345 319 4887 to book or book online with Eventbrite.

News Archive

More Information (PDF)

Smarter Technologies Ltd, Unit 1 Broadfield Industrial Estate, Seymour Street, Heywood, OL10 3AJ | Company No.: 07172781 | VAT No.: 794 7491 68

 Request a Quote

What our clients say:
Lynne SprigingsLynne SprigingsBolton Young Persons Housing Scheme
As a small charity it’s really important for us to have reliable and responsive IT support, which Smarter Technologies supplies.
Maura JacksonMaura JacksonBackup North West
Smarter Technologies have looked after our IT for well over 10 years. They are fabulous, knowledgeable, hard working, thorough, reliable, good value for money and proactive.
David Lackner-SmithDavid Lackner-SmithThe Sanctuary Trust
It’s great being able to rely on such prompt service from Smarter Technologies, it really gives us peace of mind knowing that our IT support is provided by a team that will go the extra mile.
Andrew BeeputAndrew BeeputThe Bond Board
Smarter Technologies really understand the pressure charities are under and consider this when making recommendations. They saved us so much money – I can’t put a price on their help. It was invaluable.
Jim GowmanJim GowmanYMCA Black Country Group
I want to pass on the thanks received today from across all parts of the YMCABC teams about how robust the IT systems have been. We have had to get to grips with remote working and with this pandemic it has come into its own.
Sharon HamerSharon HamerThe Housing Link (2003)
Thank you for all your advice, help and support. I would not hesitate to recommend Smarter Technologies.
Richard BoydRichard BoydRed Flame Marketing
I found the IT support for my small business to be excellent. Everything is clearly explained in non-technical language; prompt service and very affordable. Will be recommending Smarter Technologies to other businesses. (In fact, I already have!).
Nikki PriceNikki PriceInstil Bio (UK) Limited
Thank you very much for your help on a Saturday! I can’t tell you how very grateful we are to you for helping us out with this last minute request and doing it so promptly.
Tracey PeaceTracey PeaceRamsbottom Kitchen Company
The Smarter Technologies team are like extended members of our staff and always go the extra mile. The team come in early and stay until they finish – they even lock up for us.
Bill LeesBill LeesThe Housing Link (2003)
Smarter Technologies make so many complicated things sound clear and understandable in a way that I completely understand.
Dave BagleyDave BagleyUrban Outreach (Bolton)
Thanks again for the swift response from Smarter Technologies to our IT needs recently. All is working perfectly.
Graham EvansGraham EvansThe Housing Link (2003)
We have a tight budget and Smarter Technologies has enabled us to ‘work smarter’ and provide fast assistance to those who need it. It has played an integral role in the success of this charity.
Jim GowmanJim GowmanYMCA Black Country Group
Just to say to the Smarter Technologies team, thanks for a very smooth transition into the 21st Century of IT with our upgraded equipment. All aspects of the installation have received positive feedback from day one.
Andrew JennerAndrew JennerRCD Leaflets
Please pass my thanks on to the team as the whole process from quote to install was unbelievably thorough, efficient and smooth.
Jane HaywardJane HaywardYMCA Black Country Group
The service I have received has been excellent, from the initial meeting where the process was explained to managers, right down to coming out to go through SharePoint with me.
prevnext

© 2011-2024 Smarter Technologies Ltd  |  Privacy Statement

%d bloggers like this: