Filter By

Show All
X

Connect to

X

Please login to comment.

Comments

This is really interesting, I've been researching the same thing. As PECR does not cover postal marketing, does that mean that I can collect personal data for DM without consent? 

Thanks, Mike

Hi Steve, great article. 

I generally think you got to the right place but I am not convinced by how you got there.
 
The phrase "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest" is not vexing at all. In fact, it is remarkably clear for European legislative language. Direct marketing is a legitimate interest and there for does not need an opt-in - full stop, crystal clear. If GDPR was the only law of the land then we would be back to the wild west days of opt-out email rather than the current opt-in regime. GDPR however, is not the only European law or regulation that covers the email marketing industry. The EU e-Privacy Directive was written to sit on top of the old Data Protection Directive and it sets a higher standard for direct marketing via email and SMS. While the current e-Privacy directive does not sit well on the new GDPR, it's fundamental principles have not changed and therefor email is still opt-in. Throughout the spring, there was a public consultation on the e-Privacy Directive with a view to adapt it based on technological advancements, support the Digital Single Market Strategy and bring it into line with the GDPR. Those responding to the consultation overwhelmingly feel that special privacy rules are needed for the electronic sector and that the current language has not achieved its objective. I suspect that the e-Privacy Directive will be rewritten and most likely get upgraded from a directive to a regulation.
 
In essence, your argument presupposes that the e-Privacy Directive exists and therefor it would not be possible under GDPR to legitimately collect email without an opt-in. While that is true, should the e-Privacy Directive go away, then GDPR would not enforce an opt-in. Put another way sending an email in the UK without an opt-in would not contravene GDPR but would contravene PECR. The only way GDPR would come into play is if an enterprising enforcement person at the ICO wanted to levy a significantly higher fine.

Hi Mike - Simple answer: no.

Remember that the GDPR covers data collection, storage and use; how that data is protected while in your control; how data subjects control the quality, use, disclosure and destruction of that data.

You need a legal basis for collecting, storing and using personal data. Full stop!

Think of web browsing and purchase data, linked to an individual:

If you record page and product views, the device used and the location of the browsing; and you build up a profile based on this location and behaviour and it’s linked to an individual – this is a common scenario convered by the GDPR.

If you have marketing consent, that marketing consent may already cover that behavioural profiling:

The question to ask is: If you don’t have marketing consent what is your justification (the legitimate interest that you can prove) for collecting and processing personal data?

Related Articles

What do customers think about email? What do they like to receive from brands? What content do they prefer? How can brands get consumers to sign-up and avoid them unsubscribing too? Discover why email is still the most loved channel by customers.

Consumer email tracker image.jpg

New challenges have been set by five of Edinburgh’s leading cultural organisations, selected in the second round of Creative Informatics Challenge Projects. This is part of a £7.6 million initiative which aims to transform the Edinburgh’s creative industries through innovative use of data.

HES image 2.jpg

Turning Lives Around

Individuals don’t act to receive thanks but a simple personalised message can give you a sense of belonging. When thanking your customers or supporters the challenge lies in making the thank you genuine and personalised.

DMA_Image_Stmungos.jpg