Where you have existing customers, i.e. persons to whom you have provided a product or service – even if provided free of charge – you are permitted to stay in contact with them, provided that you:
a) can provide evidence that they are your customers, and
b) you offer them at all times the opportunity and ability to decline future contact with your organisation.
You may hold other personal data, for which you rely on the consent of the data subject, e.g. lists of leads, prospects, website contacts or blog subscribers. In these cases, it is essential that:
– their consent was freely and knowingly given, and that you can prove this,
– that you use their information only for purposes consistent with the consent that was given,
– that the data subjects have the opportunity to withdraw their consent.
This area is complex, and the exact way in which the regulations should be applied will be dependent on the ways in which any existing personal data – and consent – was acquired. Furthermore, it is essential to plan and implement compliant processes and systems that follow a Privacy by Design framework to ensure that all personal data held or processed in the future is secure. Above all, it’s essential that you document all your processes concerning the handling of personal data, and that these are designed with the individual’s privacy rights as the main consideration.
How can you introduce Privacy by Design?
This FAQ is in these categories: GDPR