When GDPR came into play on 25th May 2018, it affected practically every business that processes customer data within the EU. It affects many aspects of business, but one main area it’ll make an impact is in marketing.
Do pre-GDPR marketing databases need to be deleted?
As a business owner, you may be asking whether you need to essentially start your marketing database all over again, asking each person to opt in, in order to be compliant with GDPR regulations.
You don't need to if you can either:
- Prove the consent people on your database gave you was of a GDPR standard (i.e. clearly and freely given by the individuals) at the time you received the data
- Show that your marketing communication is considered a legitimate interest (i.e. where the use of data is necessary or expected by the individual)
However, this is still only acceptable if the legitimate interest marketing offers the individual a clear way to opt out, that it doesn’t override the individual’s basic rights, and that the marketing is done in a relevant and time-sensitive way.
If your database doesn’t have the right level of consent and your marketing actions can’t be classed as being of legitimate interest, it’s likely that you’ll need to contact those customers on your database to inform them that they’ll need to opt in should they still want to receive communications from you.
Making sure your marketing actions and data processing fits the above rules, you not only protect your business by showing compliance with GDPR, but you also show your customers that you care about their data security – a valuable and respected trait in the opinion of consumers, especially with cyber security breaches often in the headlines.
Want to access this guide?
Already have a Farillio account? SIGN IN
Get unlimited access to 100s of legal resources by signing up to Farillio today.
- Manage your legal documents online
- Well written legal templates by our partners
- Guides to help you understand law
- Legal help available every step of the way