As you are probably aware the new General Data Protection Regulation (GDPR) is set to come into force on the 25th May 2018, changing the way in which companies can store, process and use personal data. This has sent many businesses into a tailspin, as they desperately try and understand how the new regulation will impact on them.
Like many companies, we have researched the legislation, attended masterclasses and even contacted the Information Commissioner’s Office (ICO).
When we contacted the ICO directly we were told that ‘GDPR will apply to any use of personal data in any context regardless of whether it is in a business environment or not’. We felt the response was a little vague and didn’t directly address how GDPR will impact the B2B industry.
As we continued our quest to get more clarity we reached out to our client, Paragon Customer Communications (CC).
As one of the UK leading communications companies, working with some of largest multinational companies in the UK ensuring their business communications are fully compliant with the latest data protection laws, we felt it was a good port of call. We specifically asked Marc Michaels, Director of Strategy and Insight at Paragon CC, who has a wealth of knowledge in GDPR and agreed to shine some light on the subject.
Marc informed us that only a few weeks ago the ICO brought out a new piece of guidance (amongst many that have surfaced), which centres on ‘legitimate interests’, appreciably modifying the current position. The guidance is fairly clear that the B2B market can now utilise business contacts information without consent if there are ‘legitimate interests’ in doing so, a balancing assessment has been undertaken and an opt-out mechanism is always offered. This is because ‘business contacts are more likely to reasonably expect the processing of their data in a business context, and the processing is less likely to have a significant impact on them personally’ (ICO).
You may be wondering what constitutes ‘legitimate interests’, according to the ICO’s guidelines “you (or a third party) must have some clear and specific benefit or outcome in mind. It is not enough to rely on vague or generic business interests”. You need to balance your needs against the data subjects.
This clarification of ‘legitimate interests’ should make compliance easier for B2B companies.
For example, as a marketing agency, we interpret this to mean that we have a legitimate interest in supporting businesses with their marketing, as a result, we are able to contact business individuals and promote our marketing services, as we have ‘reason to do so’. This is because our services can ultimately enable them to grow their own business. Such contact is very unlikely to cause a negative impact on businesses. Indeed it should help them a great deal.
Our thanks to Marc Michaels.
By Alf Lombardi