When the Data Protection Act is replaced by the GDPR, what is going to happen to your existing data? Will you need to contact everyone to get permission to hold their data? what about if they don’t respond?
It’s not all about consent
While consent might be a well known basis for holding onto someone’s personal data, it might not be the most appropriate bases for your organisation. If you are providing an on-going service for an individual or if they are a customer, you might be able to apply other lawful basises for processing their data.
I bought a list of prospects from a marketing database company
If you have a database full of ‘potential’ clients that you bought from a marketing company, you may have more difficulty in applying a lawful basis other than consent.
So what does the GDPR say about re-consenting?
The above (GDPR Rec171) clearly states that it is not necessary for reconsenting the data if the consent was given in accordance with GDPR.
So, if the data you hold was given with clear specific and granular details and positive opt-in, then you can continue to process the data in relation to those terms.
However, most data was probably not obtained with those conditions, and in that case you will need to obtain consent.
Re-consenting via Email?
You’ll probably start seeing lots of email from organisations wanting to keep your data on file, but how many of them actually comply with GDPR regulations?
You can send emails out, but you need to make sure that the recipient is actually opting IN to consenting to give their data, with the option to opt out, and that the T&C’s are included on the email giving the clear, specific terms of processing.
We’ve already seen quite a few emails that do not meet these requirements, and as such their processing of data after May 25th will be in breach of the GDPR.
#WeCanHelp
There’s a lot of work that needs to be done getting GDPR compliant, we can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.
Contact Us Today!
Some of the GDPR specific services we offer include:
- Data Protection Officer Services
- Policy Writing
- Data Handling
- ICO Registering
- Process Monitoring
- Process Assessment
<a href="mailto:it@tinsleynet.co.uk" role="button">
it@tinsleynet.co.uk
</a>
<a href="tel:+447825650122" role="button">
07825 650122
</a>
<a href="/contact" role="button">
Contact Us
</a>
0 Comments