Under the GDPR, businesses have a variety of choices for justifying the lawful processing of personal data; six to be precise.
Consent has stolen the headlines and there is a perception it is the only option: the other five alternatives have been lost in all the chatter.
Clarity is most welcome
It was refreshing to see Elizabeth Denham put the record straight. In her 16 August blog post cleared everything up: “Consent is one way to comply with the GDPR, but it’s not the only way”.
For home shopping companies using the postal direct mail channel, legitimate interest is a viable option. Indeed, data processing for direct marketing purposes is called out in the GDPR’s recitals as something that may be regarded as carried out for a legitimate interest.
The Legitimate Interest processing condition allows you to send mail to your customers without their specific consent. This condition assumes that you have an interest in sending your customers a mailing and they have an interest in your products and services. You need to tell them that you plan to send them mailings and give them the opportunity to object and opt out. You also need to have assessed that the balance of interests between you and your customers is fair.
Further information on legitimate interest can be found in the data Protection Network's valuable guidance document.
Don’t wait - take action now
Another piece of valuable advice from the Information Commissioner is not to wait for the approved guidance before taking action. While recognising the final guidance will not be available for some time, she highlights that the complete version is unlikely to change significantly from its current form.
We endorse this call for action. We are already working with Abacus Alliance members to help them, particularly around developing effective data collection statements. In addition, we’ve been providing materials throughout the year to offer practical guidance.
To discuss how we can work support you in this area, please contact your Account Manager.