Is your company prepared for GDPR regarding direct marketing?

Aleš EppingerPartner, Schaffer & Partner

The General Data Protection Regulation (GDPR), which becomes effective on May 25, 2018, will have a significant effect on many areas of your company’s everyday life – such as labor-law agenda, personal data protection and application of the required IT protection standards, or adoption of required organization directives and other legal documentation.

Obviously, special attention to the processes which the company’s operation is most dependent on should be paid, specifically processes connected with promotion of sales of the goods and services of the business, often in by means of direct marketing. Many companies keep lists of possible clients to whom they distribute emails containing adds or, often, they contact their customers via phone.

Although direct marketing as such is not banned by the GDPR, such processes need to be adjusted so they fulfil the GDPR requirements. Namely, the following aspects should be addressed:

  • What are the legal titles under which does your company process personal data (a consent vs. “a legitimate interest of the administrator”)?
  • To what extent are your company’s clients’ personal data processed?
  • What form of communication is used to contact the clients (e.g. phone, email)? Are all requirements met during such contact (i.e. are information obligations in accordance with GDPR)?
  • Is the personal data processing performed with the client’s agreement? Is the consent sufficient according to the GDPR?

Further action is to be carried out in accordance with answers to the above questions and the way of implementation will surely be affected by the forthcoming ePrivacy regulation which will address certain processes related to direct marketing.

Should you be interested in the above topic in more detail, our legal team is prepared to assist your company with adaptation of your direct marketing processes in accordance with GDPR.