• Technology
  • July 03, 2018

What you need to know about contacting customers post GDPR

By Lawbite Team

Talk to a Lawyer Free Legal Help
Now the dust has settled a little around GDPR, here at LawBite we are frequently asked about how businesses can continue to contact their customers in the post-GDPR world. When considering what is ok within GDPR, it is important to consider why you are making the contact- perhaps marketing, maybe to inform your customers about some changes to your services, or possibly you need information for legal or regulatory purposes. 

By now you probably know that in order to collect and process personal data, you must have a lawful basis to rely on – it is therefore also important to consider which basis you are relying on in order to hold and process the data in question. The main lawful bases are contract (i.e. the processing of personal data is necessary for the performance of that contract), consent (simply that you have the consent of the individual concerned) and legitimate interest (that you have a legitimate business interest in processing the data of an individual and that this interest is not outweighed by the individual’s right to privacy). You may also have a legal obligation to process the personal data (for example to comply with HMRC requirements) and, for some organisations, the processing may be in the vital interests of the individual (for example, healthcare professionals) or, for government bodies, in the public interest. 

If you have a contract in place or are negotiating one, any contact you make with customers for reasons connected with the contract – for example about delivery updates, invoicing queries or asking for feedback – should be lawful within GDPR on the basis that it is necessary for the administration of that contract. We recently posted on how to know when you actually have a contract in place. Telling contacts about some great new service or product you are planning to offer, is likely to require their consent. If you updated the consents you already had in place prior to the May 25th deadline to be compliant, you should be able to continue to market to your customer base as you always have. If not however, tread carefully – if you don’t have adequate ‘GDPR’ consent, or no consent at all, and no other lawful basis to rely on, then don’t send unsolicited marketing communications. 

Remember individuals must be able to withdraw their consent at any time. A few weeks ago we wrote about making sure that you are GDPR compliant with 3rd party supplier contracts and protecting your customers' data. In the absence of consent, or outside of a contract, you may be able to continue with communications with your customer base (maybe for marketing purposes, or maybe to get back in touch with old contacts for example) if you can fulfil the legitimate interests test. This basis acts as a bit of a ‘catch-all’, however you must be able to demonstrate a genuine business interest. GDPR isn’t about stopping businesses from communicating with their customers and contacts but is about making sure communications are necessary and appropriate and handing some control to individuals. The key with any communication is to identify why you want or need to make it. 

This should then help you identify your lawful basis so that you can confidently continue with your day to day operations. It may all seem quite daunting but it is more important than ever to tackle your GDPR compliance. Now is the time for ACTION and remember LawBite is here to help! To consult with the Lawbrief lawyer Jessica, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843. 

Journey further… How LawBite works LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • July 27, 2021
Data Protection - European Commission adopts adequacy decisions for the UK

On 28 June 2021, the Commission adopted two adequacy decisions in relation to the United Kingdom, under the General Data Protection Regulation (GDP...

blog image
  • By Lawbite Team
  • July 27, 2021
Setting up a Limited Company UK: a guide for businesses

As a business owner, you may want to learn about the business legal structure known as a limited company. A limited company has a separate legal id...

blog image
  • By Lawbite Team
  • May 26, 2021
Your Post-Brexit GDPR Refresher

This month the General Data Protection Regulations (GDPR) celebrates its second birthday. Thinking back to the months preceding May 2018 you are li...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan