GDPR steals all the limelight

14th April 2018Two people having a meeting on bench with a Laptop open and a tablet being used.

As you are probably aware by now – after all, it’s all we’ve been talking about for months – the new GDPR legislation (General Data Protection Regulation) is now just over a month away from being implemented.

You’ve probably heard an abundance of information regarding GDPR, but something that appears to be under-reported is its sister regulation e-Privacy, which is also set to change soon.

It is important to understand both the different regulations, as although they are different, they complement one another, and must both be employed.

So, what are the differences?

The enforcement of GDPR means that the individual is given more rights with regards to their own data, and they must now choose whether or not they wish to be contacted by organisations.

For businesses, this means before the 25th May, you need to have contacted everyone on your mailing and communications list and ask them to either opt-in or opt-out. After this date, if you contact anyone that has not explicitly opted-in, you will be breaking the law. 

As we highlighted in our previous blog post – an exception to this rule is if you believe you have a legitimate interest to contact an individual. With legitimate interests, you are able to send marketing to an individual if you are able to prove that there is a legitimate reason for you to do so for the benefit of your business. For example, a corporation communicating with its customers to win business would be deemed as a legitimate interest of the business, and therefore they would be permitted to contact customers providing they sent relevant material.

Legitimate interest is only applicable to postal mail and telephone contact – with the caveat that the consumer is not registered with the TPS or MPS (voluntary) which is a register of people who have overtly said they do not want to receive marketing-related calls or letters.

Email marketing and SMS are controlled by the PECR regulation.

PECR (Privacy and Electronic Communications Regulation), or e-Privacy, insists you must have hard consent for any electronic communications. This must be recorded and documented and remember, you cannot use legitimate interests in this instance, so it is essential you get consent.

However, whilst PECR / e-Privacy was due to come into force on 25th May 2018, the same date as GDPR, it is our understanding that this has been significantly delayed and is likely to be the end of this year, if not early 2019.  What this means is that you have a little longer than it was originally thought to gain your electronic opt ins.

We appreciate this is still a very confusing topic for most people, and there are lots of different articles being published that provide different information and different advice. Remember, there is no such thing as a GDPR expert. Here at Griffin, we simply want to advise that it is best practice to ensure you have the necessary consents from your customers so that you don’t find yourself caught out and facing a hefty fine.

For any more information regarding GDPR or e-Privacy, please don’t hesitate to get in touch with one of the team here at Griffin House Consultancy, and we will be more than happy to help you.

Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.