What do you know about GDPR already? How should you work with marketing campaigns now?
GDPR – General Data Protection Regulation – is a new tool for protecting the personal data of individuals.
The aim of the regulation is to distinctly enforce the data protection of European Union citizens.
It becomes enforceable from 25 May 2018 in all members states of the European Union.
It is crucial to know how the new legislation influences businesses and entrepreneurs outside of the EU, in case they process EU citizens' data. It is always necessary to inform the subjects that their data is being kept outside of the EU and how is this situation treated.
Any data related to the determined or determinable subject is considered personal data. Subject is considered determined or determinable in those cases when it is possible to identify the subject, directly or indirectly, especially based on a number, a code, one or multiple elements which are specific for the subject's physical, physiological, mental, economical, cultural or social identity.
Any data declaring the subject's national, racial or ethnic origin, political views, membership in trade-unions, religion, philosophical beliefs, conviction for a criminal offense, health condition, sexual life and the genetic data. Biometric data, enabling a direct identification or authentization of the data subject, is also considered sensitive data. It can also be reffered to as sensitive personal data.
The usage of MARKETING MESSAGES
Looking at the adjustment itself, the general rule is, that using personal data in order to send electronic marketing communications to individuals is only possible with the consent of the person, who provided their personal data for this purpose.
The question is, which situations oblige the sender (an individual as well as a legal entity) to posess the consent of the third person, whose personal data (e.g. e-mail, phone number) he is about to use for marketing purposes.
Marketing messages sent without consent
The recital 47 of GDPR determines that processing personal data for the purpose of direct marketing can be considered processing due to a legitimate interest of the administrator. But careful, a few rules need to be followed:
- I will use electronic contacts of my customers, related to the sale of my product or service and I have gained the personal data within the performance of the contract - order. There has to be an easy possibility for the customer to unsubscribe.
- Sending business messages without consent has to be linked directly to the service or product offered within the performance of the contract. So in case I have sold a car, I cannot offer wellness.
Sending marketing messages within business relations
- For sending business messages to business companies via email or teleohone, consent is not required, it is appropriate to offer the possibility to unsubscribe.
- If the form of the is [email protected], or [email protected], then the message should always offer the possibility of unsubscription.
The time limit for sending marketing messages
- The sender always needs to inform the other party for what purpose and for how long is the consent being given.
- The consents always have to be carefully archived, so that in future it is possible to prove when it was given , for how long and what purpose.
- The consent has to be an unambiguous confirmation expressing free will of the person giving the consent, it needs to be free, specific, clear, separable and informed.
- So the subject giving a consent has to give it actively, via signature, ticking a box, silance or inactivity definitely does not mean a giving a free consent.
- The consent also has to be informed enough and the subject asking for a permission to send marketing messages should clearly define who he is giving it to, if only the marketing subject, someone else, or also other subjects, who else will process the consent have it at his disposal.
- for what specific purpose is it being given, specifying the products or services, campaigns etc.,
- for how long it is being given,
- to what personal data is the consent related to, i.e. if only email or also e.g. telephone number,
- instructions about the basic rights.
IMPORTANT EXTRA TERMS:
eWay-CRM, version 5.2
In the first half of April, we present a new eWay-CRM version 5.2. This version enables much easier GDPR complying.
As the GDPR becomes enforceable May 25 2018 in all member states of the European Union, all our clients or future users get over a month to implement the new functions.
(Note: Please consult all the legal issues with your lawyer, the eWay-CRM provider does not take any responsibility for legal compliance or mismatch with the regulation.)
Methodical guide GDPR eWay-Book is an eBook for all eWay-CRM users, offering answers to the most common questions about GDPR. It also contains simple methodological processes, explaining what to do in various situations.