GDPR: Do I Need Your Consent?
GDPR affects all of us, both in our professional and in our personal lives. It is the most important change in data protection in 20 years, and having been recently adopted into law alongside the Data Protection Act 2018, it is here to stay. It affects everyone who deals with personal data, and getting it wrong is not an option. Amy Cuddy has described the two key ingredients to a business relationship as “trust and competence” in her recent book on Presence.
GDPR carries both within its core. Can I trust you with my personal data and are you competent in the way you use it? Now the marketing world have been in turmoil over the new regulations and the over reaction to it has been tangible and destructive in many organisations.
One of the most common misconceptions of the GDPR is that consent is a mandatory requirement for all processing of personal data. This is manifestly untrue and not understanding this is a costly error for organisations. Consent is just one of six lawful bases for processing personal data.
Instead of consent, marketeers should explore the ‘legitimate interests’ basis for marketing activities. If you can show the way you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object to what you are doing, then this is the route to take.
And what if you see yourself as purely a B2B organisation? The GDPR applies wherever you are processing ‘personal data’. So, if you can identify an individual either directly or indirectly, the GDPR will apply, B2B is no excuse for inadequate data protection!
GDPR is not here to put businesses out of business but to focus the organisations and those within it on protecting other people’s personal data.
For more information contact [email protected]
Photo credit: Dennis van der Heijden
