Some GDPR Consent emails are unnecessary
In response to the upcoming deadline for the implementation of the new General Data Protection Regulation, Matthew Holman, Principal in our Commercial team says;
“The vast majority – as high as an estimated 70% - of last-minute GDPR consent emails we’ve seen have not needed to have been sent out. A lot of businesses are sending consent requests to other businesses but under GDPR you need to very rarely request consent from B2B contacts. Our concern is that businesses are going to be wrecking their expensively put together databases unnecessarily”
“If businesses have requested consent from clients who subsequently unsubscribe, they are required to delete that data, even if the consent was originally never needed under GDPR. That is true for data about both B2C and B2B customers. Most GDPR consent emails are mistakenly being sent because of a herd mentality, with a resulting deluge of emails now being sent to clients at the last minute. Some businesses may have panicked – historically just 1% of all companies investigated by the Information Commissioner’s Office for misuse of data have been fined.”
“Consent is just one of six ways of legally justifying the use of data. For those consent emails targeting businesses, companies can often justly rely on having a legitimate interest and do not have to jump through regulatory hoops.”
There are other ways of legally justifying the use of data, including having:
- A contract
- A legal obligation
- Vital interests
- A public task
- Legitimate interests.
If you need any help ensuring your company is GDPR compliant or if you would like further information on this article, please contact Matthew Holman. Or you can give us a call on 0345 070 6000.