In the next few weeks, businesses will be preparing for Cyber Week (otherwise known as ‘Black Friday’ and ‘Cyber Monday’). If businesses want to make the most out of the most important retail event of the calendar year, it is imperative that they are aware of the legal restrictions around certain forms of marketing, and the legal implications of certain promotional activities that you may have planned. GDPR and its implications for data protection are proving to have majorly altered the ways in which brands manage their clients’ and customers’ information. The risks of getting it wrong We have already seen some very high profile cases this year involving data breaches which will likely attract substantial fines form the ICO. But there’s no need to look at this new trading landscape as an overall negative for your business. As discussed by LawBrief GDPR expert Jessica Mumby, there are many ways that being fully GDPR compliant will be of benefit to your organisation. Online trading compliance - key areas GDPR came into force in May 2018, which means there are additional limitations on what you can do with customer personal data. Here are some examples:
You must make sure you have specific consent from customers to hold their personal data for any and all reasons you plan to use it
Online forms, whether for login details, for online competitions or subscription services, often include items such as “please tick here if you want to be added to our mailing list”. These can no longer be pre-ticked – the customer has to physically tick the box to be contacted by you again
This extends to signing up for prize draws. You cannot and must not automatically add customers to your mailing list if they sign up to a prize draw, or make it a condition of being entered into the prize draw that you can contact them at a later date
Please remember that all online terms and conditions, customer contracts, etc. must be GDPR compliant. There must also be privacy notices available for your customers to view (make sure the notice is on your website). This means that you must state whether you are acting as data processor and/or data controller, what processes and procedures you have in place to keep personal data secure, and the procedures for customers to access the personal data you hold on them (subject access requests). ICO fines are already in play In addition, the Information Commissioner’s Office (ICO) has been given new powers to fine companies up to £500,000 for nuisance calls. It is now a legal requirement for individuals to specifically ‘opt in’ to receive these calls, rather than opt out. This should be borne in mind when considering launching any telephone marketing campaign in the lead up to Cyber Week. Finally, if you needed a reminder as to the importance of complying with GDPR, consider the recent enforcement action brought by the ICO against Everything DM Ltd. This marketing agency was fined £60,000 on 5 September 2018 for sending out 1.42 million emails to prospective customers. Everything DM Ltd could not prove that the recipients had consented to receive these emails. How to get prepared If you are not sure that you are fully GDPR compliant, LawBite is here to help. Please get in touch with a member of the LawBite team to receive a 10% discount on our GDPR Rescue Pack including: 12 GDPR compliant templates and a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £445 + VAT. Please quote discount code CYBER10, valid until 26 November 11.59pm. For further business legal advice, you can contact the author of this article LawBrief, Barbara Jamieson. For expert business legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team. Journey further…GDPR ChecklistGDPR Products and ServicesLawBite GDPR Rescue PackageGDPR FAQs
Whether you are a small, medium, or large organisation, receiving a subject access request (SAR) or data subject access request (DSAR) and handling...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.
Lawbit Limited (trading as LawBite)
Correspondence Address: Studio 403, 332 Ladbroke Grove, London W10 5AD
Registered Address: 39 Long Acre, London, England, WC2E 9LG
Our lawyers provide legal advice working through Lawbriefs Ltd.
Lawbriefs Ltd is authorised and regulated by the Solicitors Regulation Authority (SRA number 622808)