Categories: GDPRPolicy

GDPR: What about our existing data?

When the Data Protection Act is replaced by the GDPR, what is going to happen to your existing data? Will you need to contact everyone to get permission to hold their data? what about if they don’t respond?

It’s not all about consent

While consent might be a well known basis for holding onto someone’s personal data, it might not be the most appropriate bases for your organisation. If you are providing an on-going service for an individual or if they are a customer, you might be able to apply other lawful basises for processing their data.

I bought a list of prospects from a marketing database company

If you have a database full of ‘potential’ clients that you bought from a marketing company, you may have more difficulty in applying a lawful basis other than consent.

So what does the GDPR say about re-consenting?

Where processing is based on consent pursuant to Directive 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation

The above (GDPR Rec171) clearly states that it is not necessary for reconsenting the data if the consent was given in accordance with GDPR.

So, if the data you hold was given with clear specific and granular details and positive opt-in, then you can continue to process the data in relation to those terms.

However, most data was probably not obtained with those conditions, and in that case you will need to obtain consent.

Re-consenting via Email?

You’ll probably start seeing lots of email from organisations wanting to keep your data on file, but how many of them actually comply with GDPR regulations?

You can send emails out, but you need to make sure that the recipient is actually opting IN to consenting to give their data, with the option to opt out, and that the T&C’s are included on the email giving the clear, specific terms of processing.

We’ve already seen quite a few emails that do not meet these requirements, and as such their processing of data after May 25th will be in breach of the GDPR.

#WeCanHelp

There’s a lot of work that needs to be done getting GDPR compliant, we can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.

We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.

Contact Us Today!

Some of the GDPR specific services we offer include:

  • Data Protection Officer Services
  • Policy Writing
  • Data Handling
  • ICO Registering
  • Process Monitoring
  • Process Assessment
        <a href="mailto:it@tinsleynet.co.uk" role="button">
                    it@tinsleynet.co.uk
                </a>
        <a href="tel:+447825650122" role="button">
                    07825 650122
                </a>
        <a href="/contact" role="button">
                    Contact Us
                </a>
Share
Leave a Comment
Leave a Comment
Tags: DAPData ControllerData ProcessorData Protection ActData Protection OfficerDPOExisting DataGDPRGeneral Data Protection RegulationICOInformation Commissioner's OfficeMay 25Right of AccessRight to be ForgottenRight to be InformedRight to Data PortabilityRight to ErasureRight to ObjectRight to RectificationRight to Restrict Automated Decision MakingRight to Restrict ProcessingWeCanHelp
6 years ago