The GDPR covers information that identifies individuals only, so any business to business marketing would not be covered as long as the details are generic and don’t identify an individual.
So if the email address was sales@businessname.co.uk that would be fine, as no individual is identified. However, if your contact is j.bloggs@businessname.co.uk then you are identifying an individual and therefore the GDPR does apply.
That doesn’t mean you can’t send marketing materials to them. There are several bases for consent that could apply depending on the situation, as long as the information you’re sending is relevant, expected and not intrusive.
The GDPR will apply to business cards if they contain an individual’s personally identifiable information, like their name (and what business cards don’t have names on them!), and if you store them in an ‘organised filing system’.
That could apply to a Filofax, Rolodex or similar system, or if you input the details into a digital storage system, like your phone or PC address book. It’s slightly less clear if the information is ‘stored’ loose in your drawer or desk.
Again, the GDPR offers means to ‘store and process’ this information in this way; you just have to be aware of it and make sure you don’t use the information in a way that would be unexpected. It might be expected to pass the details on to an interested third party, say a work colleague, who might want to make contact with the individual. It would probably not be expected for you to pass that information on to a third-party marketing company that has no relation to you or your business.
There’s a lot of work that needs to be done to become GDPR compliant. We can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.
Some of the GDPR specific services we offer include:
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal information is any information that can identify an individual, such as employee names, customer IDs or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.
Do you write GDPR policies for business to business? We're a small business that needs some help.
I have tried to contact you by email. If you still want help with this please contact us https://tinsleynet.co.uk/contact/
We've had an email from the ICO, can you help us?
Hi.
If you contact us, I'm sure we can help you. https://tinsleynet.co.uk/contact/
This doesn't make it clear if using my phone to call businesses is ok or not?
Hi Zack, I'm not sure what you mean here. If you're asking 'can I still store details in my phone book and make phone calls to them' then the answer is most likely 'yes'.
If you're speaking as a member of the public, then you don't directly fall under GDPR.
Perhaps you can give some more information on what you need help with?
I don't think the law applies to email or to business cards as you say. It's not something that the police can do anything about anyway.
Hi Elza. The GDPR applies to any personally identifiable information relating to an individual citizen of the EU.
What that means is that any information (digital, printed, written, spoken or any other type) being processed or stored that can be used to identify an individual person in the EU is covered. This includes processing by transmission by email or storage of business cards with personal information on them.
Each country has its own Data Protection Agency that oversees the enforcement of the GDPR. This is usually maintained through reports of breaches of the regulations from members of the public or other businesses.
As to whether the Data Protection Agency actively follows up a report is up to them, obviously they don't have the resources to follow up every single report but you can imagine if an organisation has multiple reports of data security breaches against it, it's more likely to be investigated. The ICO in the UK have already shown they're ready and willing to prosecute if needed, with several successful prosecutions under the GDPR already.
But at the end of the day, the nature of the data that the GDPR is designed to protect is such that even without such regulations, organisations and individuals should have enough sense of responsibility and respect of other people's information that they don't misuse it.
Does this mean I cannot send emails to people I work with in Europe? I email them daily and send them information by email, will this be affecting me doing that?
No, the GDPR is not designed to prevent emails being sent, only to protect any personal information in the emails from being intercepted or misused.
If you need to contact an individual in the EU, make sure you have a valid reason to have their contact information in the first place, and to make contact with them. If your basis is consent driven make sure they are given the option to opt-out as easily as they opted in to receiving your emails.
If you are sending additional personal information or any information that is classified as 'special category data' make sure you take all reasonable precautions to protect that information from being accessed unlawfully, this could mean using encrypted emails or encrypted attachments. If you're using password based encryption, make sure you have a procedure in place to securely transmit the password to the recipient separately from the email.
You really make it seem really easy with your presentation however I find this topic to be really something that I think I would never understand. It kind of feels too complex and very vast for me. I am taking a look ahead to your subsequent put up, I'll try to get the dangle of it!
If you need help with getting your business GDPR compliant, we can help. We can assess your business as it is and identify all the areas that fall under GDPR, we can write your GDPR policy files and help you make any changes to comply with the GDPR requirements.
I've learn some just right stuff here. Certainly worth bookmarking for revisiting. I surprise how much attempt you place to create this type of magnificent informative website.
Everything is very open with a precise description of the challenges. It was really informative. Your website is extremely helpful. Thanks for sharing!
We're a group of volunteers and starting a brand new scheme in our community. Your site provided us with helpful information to work on. You've done a formidable task and our entire community can be thankful to you.
Hey There. I found your blog the use of msn. That is a very neatly written article. I'll be sure to bookmark it and return to read extra of your helpful info. Thank you for the post. I will certainly come back.