DATA PROCESSING COMPLIANCE Adhearing To GDPR & PECR Regulations
PECR AND GDPR Our Data Processing Compliance
The Privacy and Electronic Communications Regulations 2003 (PECR) govern, in part, direct marketing by telephone and email. In order to send unsolicited (unexpected) email marketing to private individuals, they must have the individual’s given consent. This rule also applies to sole traders and those working in a partnership. The rules on marketing on a business to business basis however, is different. Unless an individual has ‘opted out’ of receiving such email marketing (i.e. by using an unsubscribe function on the relevant email/s), then it is lawful to send unsolicited email marketing to them at their business email address. Consent is essential to obtain if email marketing is to consumers, sole traders or those in partnership. PECR governs direct marketing processes and the lagality of said processes.
DATA PROCESSING COMPLIANCE 2019
PECR AND GDPR Our Data Processing Compliance
The GDPR requires that personal data must be processed lawfully, which means that before processing can take place, the lawful bases for processing must be established. In our case, the law that we are most interested in is ‘legitimate interest’. Processing on the data subject that has given consent on a legal basis, as is processing based on a ‘legitimate interest’. A legitimate interest to process personal data can be used for the purpose of being used for direct marketing. This premise is relied on investigation of the contending premiums between the information subject (B2B contact) and the data controller (Aurora). In the event that we are handling an information subject’s personal information for direct advertising purposes, we will hold such data legally, in light of the fact that when we survey, we make sure the person has a genuine interest from the offset, with the rights and opportunities to conduct direct marketing.
DATA PROCESSING COMPLIANCE 2019
B2B LIST SALES
Our legal compliance summary
• Our data lists contain verified B2B contacts, here contacts have not ‘opted-out’. • We regularly verify our B2B lists for contacts who are sole traders and those in partnerships to ensure GDPR compliancy. • Consent (or ‘opt-in’) may or may not have been obtained for each contact, however consent is not legally required for B2B contacts of business organisations (direct marketing by email, mail or telephone (calls). • To comply with GDPR, the B2B contacts lists processed by us all have a ‘legitimate interest’ in your product or services. • The lawful basis elected for processing data records is that we have a ‘legitimate interest’ to process them for the exclusive purpose of direct marketing.
DATA PROCESSING COMPLIANCE 2019
B2B LIST SALES Our legal compliance summary
• We assess legitimate interest an appropriate lawful basis, because: • The data records are business contacts (names, telephone numbers and email addresses); • The processing is of business contact details, and there is low impact on the privacy of the individual; • Email direct marketing is a reasonable method of processing to achieve commercial objectives; • The data subjects in question might expect to receive business marketing to their business email addresses. As such, the processing is transparent and fair; • The data subjects may easily indicate that the data processing is against their wishes and are easily allowed to unsubscribe at any point. • We conclude that the rights and freedoms of the data subjects in question are not negatively infringed upon hilst we process their data. • Where a B2B contact objects to this processing, we will stop processing for this purpose (GDPR compliance and PECR compliance i.e. opt the subject out of communications & delete the record where requested).
DATA PROCESSING COMPLIANCE 2019
Telephone: 01202 087 750 Website: www.aurorademand.com Email: info@aurorademand.com