By now you probably know that in order to collect and process personal data, you must have a lawful basis to rely on – it is therefore also important to consider which basis you are relying on in order to hold and process the data in question. The main lawful bases are contract (i.e. the processing of personal data is necessary for the performance of that contract), consent (simply that you have the consent of the individual concerned) and legitimate interest (that you have a legitimate business interest in processing the data of an individual and that this interest is not outweighed by the individual’s right to privacy). You may also have a legal obligation to process the personal data (for example to comply with HMRC requirements) and, for some organisations, the processing may be in the vital interests of the individual (for example, healthcare professionals) or, for government bodies, in the public interest.
If you have a contract in place or are negotiating one, any contact you make with customers for reasons connected with the contract – for example about delivery updates, invoicing queries or asking for feedback – should be lawful within GDPR on the basis that it is necessary for the administration of that contract. We recently posted on how to know when you actually have a contract in place. Telling contacts about some great new service or product you are planning to offer, is likely to require their consent. If you updated the consents you already had in place prior to the May 25th deadline to be compliant, you should be able to continue to market to your customer base as you always have. If not however, tread carefully – if you don’t have adequate ‘GDPR’ consent, or no consent at all, and no other lawful basis to rely on, then don’t send unsolicited marketing communications.
Remember individuals must be able to withdraw their consent at any time. A few weeks ago we wrote about making sure that you are GDPR compliant with 3rd party supplier contracts and protecting your customers' data. In the absence of consent, or outside of a contract, you may be able to continue with communications with your customer base (maybe for marketing purposes, or maybe to get back in touch with old contacts for example) if you can fulfil the legitimate interests test. This basis acts as a bit of a ‘catch-all’, however you must be able to demonstrate a genuine business interest. GDPR isn’t about stopping businesses from communicating with their customers and contacts but is about making sure communications are necessary and appropriate and handing some control to individuals. The key with any communication is to identify why you want or need to make it.
This should then help you identify your lawful basis so that you can confidently continue with your day to day operations. It may all seem quite daunting but it is more important than ever to tackle your GDPR compliance. Now is the time for ACTION and remember LawBite is here to help! To consult with the Lawbrief lawyer Jessica, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843.
Journey further… How LawBite works LawBite GDPR Rescue Package
Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- March 16, 2021
Every start-up business needs the law. Unfortunately, many cut corners or worse still, ignore the legal side of their business all together. Here's...
- By Lawbite Team
- November 16, 2020
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.