Page 15 - 10052 WORSH Marketor Issue 79.indd
P. 15
When is a customer “current”? processing lawful if the data subject’s Cases of uncertainty
personal consent has been obtained.
The real problem is deciding whether Controllers who are uncertain of their
or not a particular customer is It takes the form of sending the data position and hesitant to rely on the
“current”. Where the customer subject a communication referring to other grounds for lawful processing
the privacy policy (which can be
obtains goods or services from time are still sending out requests for
to time, how long a period of attached or found on a website) and consent along with their privacy
inactivity will require the controller to then asking the data subject to send policies, even when they really have
take data subjects off the list of back either a written form or an email no need to do so. However, it is true
consenting to the processing of his or
current customers, treat them simply that the other grounds for lawful
as recipients of general marketing her personal data in most cases for processing tend to be narrower than
the purpose of communications
information and therefore be the position that can be obtained by
giving information about the
obliged to seek their consent to asking for consent.
continue communication with them? supplier’s products and services. 4. DATA PROCESSING AND
One Example ARTIFICIAL INTELLIGENCE
This can only be a subjective
decision. In my own case, for A typical message I received was Where it is not possible to identify a
instance I arranged a holiday in early the following: natural person from the data
2015 using two service providers. I We have been sending you topical collected, it will not qualify as
have not used either of them since. updates and event invitations and personal data and the GDPR will not
Company A sent me the following would love to continue to do so. We apply. However, where the data to
communication: want to make sure that we only stay be analysed does (or may) qualify as
in touch with you if you want us to. personal data seeking consent is not
As it may have been a while since going to be practical. In this case
we last contacted you, we have 7R FRQÀUP \RX VWLOO ZDQW WR KHDU organisations are relying on the
removed you from our future mailing from us please click on the box below. legitimate interest ground.
lists. Want to receive marketing If you do not click the box below, One very large organisation where I
communications from XYZ in the we will not be able to continue am a regular customer described this
future? Please click on the link <here>. sending you such messages.
legitimate interest ground in
On the other hand, Company B If you would like to know more about summary as follows:
continues to send me information on how your personal data is handled, It is in our legitimate interest to
the services it provides, treating me please see our <privacy policy>. use your personal information to
as a regular customer. The only Asking consent by email operate and improve our business.
difference I can see is that I had
There are two problems with asking 5. THE FUTURE FOR GDPR
used Company B on more than one
RFFDVLRQ SULRU WR ZKLOH WKH ÀUVW for consent by email. First, many such Once the initial period of
and last contact I had with emails end up in the spam folder and implementation is over things will
Company A was in respect of the are never seen. Second, it is very easy settle down, I continue to believe
2015 holiday. It therefore seems to ignore emails, particularly if they that the biggest issue businesses will
logical that Company B would feel it are not well worded. Short ones that face is not misuse of personal data
KDG VRPH MXVWLÀFDWLRQ WR WUHDW PH DV are quite common – “We cannot talk but the danger of security breaches
to you again if you do not give us from unauthorised access to
a continuing customer. Holidays are
not always booked with the same your consent by replying to this email” personal data by third parties.
– often do not go down well. The
supplier every year, and my past I believe one quote from a supplier’s
marketer can help by crafting the
relationship with them would make it letter that I received sums up the
more likely that I would (as indeed I message which tells the recipient why impact of GDPR well:
it is in his interest to keep receiving
might) book a holiday through them communications. Of course, many of We have always taken seriously how
again in future. we look after your personal data.
the campaigns around seeking
D. Prospective Customers consent in this situation take a scatter Generally, there will be little difference
gun approach, covering as many in the way we collect and handle your
The requirement for consent personal data, but we will have to
people as possible in the hope that a
Here there is no contract either reasonable proportion will reply, but provide more information when we
concluded or in view. Reliance is best in the knowledge that many such do collect it and may have to ask you
placed on the provision which makes messages will either fall by the for explicit consent if we process any
special categories of personal data….
wayside or be rejected by the
recipient. Reputable and conscientious
suppliers, committed to serving their
3. OPTING IN
FXVWRPHUV SURSHUO\ ZLOO QRW ÀQG
Where consent is required GDPR a hindrance to carrying on
There has been much discussion business.
about this principle. In general, it can This article is a summary of a full
be found in the requirement that discussion of GDPR and privacy
consent must be given positively. issues in my Master’s Blog 3. This is
+RZHYHU RSWLQJ LQ E\ GHÀQLWLRQ KDV available on the Marketors website
no place where the other grounds at http://marketors.org in the News
for lawful processing apply. Section.
MARKETOR SUMMER 2018 marketors.org 15
