GDPR, Legitimate Interest & Recital 47

What does it all mean for marketers?

Before you go...

We don’t mean to brag, but our monthly newsletters are pretty damn good. They’re filled with useful information and how to's to help you grow your business. So do the smart thing, sign up below to get them in your inbox.

No spam, we promise!

GDPR has been giving data controllers, marketers and business owners the fear ever since it came into force across Europe on the 25th May 2018. However, thanks to a little known recital, namely recital 47, it’s not quite as scary as you’d think.

But, before we dive into what recital 47 means let’s have a quick recap.

divider

What is GDPR?

Also known as the General Data Protection Regulation, it’s designed to protect personal data handled anywhere in the European Union (EU) and European Economic Area (EEA). Its aim is to give individuals control over the data companies hold on them and understand their rights about what the company can do with it.
 
Under GDPR, Data Controllers have to be clear about the type of information they collect and have justifiable reasons to hold it. This is generally outlined in something known as a Privacy Policy.
 

Within the Privacy Policy, Data Controllers must outline the following:

What data they collect
Why they collect it
What they use it for
How long it’s kept
Whether they share it with any third parties

As well as that, all data must have been collected with clear consent and be stored safely to ensure it’s not at risk of getting into the public domain.

 
Historically, companies were able to easily collect data by using opt-out forms. This was a fast and easy way to capture data as permission to collect was assumed, and most people didn’t realise they had to tick to opt-out. But, when GDPR came into effect that was no longer legal. Now, data can only be collected if a person actively chooses to opt-in. Not only that, any data previously collected using the opt-out model is now illegal and has to be deleted. This change meant that a lot of companies saw their marketing pots slashed when GDPR came into effect. It was a huge headache and an issue that saw your inbox flooded with companies asking for you to opt-in to stay on their mailing lists before the 25th May.

So What’s Recital 47?

It essentially says that if you hold data for someone which you don’t have categorical permission to hold, you are still able to use that data if you have a legitimate interest.

The only caveat is that the data can only be used in a way that the data subject could expect. For example, if you hold data for a father of two who has been a customer in the past, they could reasonably expect you to contact them to promote a family event. But they definitely wouldn’t expect you to contact them in relation to a ladies’ night featuring the current line up of the Dream Boys. Or would they?!

However, don’t take Recital 47 as a free pass to not bother obtaining consent when collecting new marketing data. The final line in the recital states “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. The term ‘may’ means that the recital is a bit ambiguous for marketing activities, so you’ll always be best off asking for consent before storing new information.

Registering with the ICO

And while we’re talking data, one thing that you may not realise is that if you hold and process data you should be registered with the Information Commissioners Office (ICO) and pay a data protection fee. There are three levels of fees which range from £35 and £2,900, but for most organisations, it will be £35 or £60 and all fees are VAT exempt.

There are some exemptions, and this link takes you through a short questionnaire to see if you need to register and if so, what fee you need to pay.

If you need a GDPR compliant privacy policy for your business, get in touch and we can get one written by our expert legal partners.
Plus, if you found this useful be sure to subscribe to our monthly newsletter below so you don’t miss our next articles.
divider

From the Blog...

We periodically add useful and interesting content to our blog. Below is a selection of some of our most recent content and to get the latest posts in your inbox you can subscribe to our monthly newsletter. No spam, we promise!

Why you should optimise your website images
Why you should optimise your website images

Optimising an image is a process where you create a top-quality image whilst maintaining the smallest file size you can. It’s not an easy job but it is vital for any website, especially an e-commerce site as they are hugely image reliant.

read more
Designing for Accessibility
Designing for Accessibility

We guide you through the key things you need to create an accessible design for people with specific disabilities and neurodivergence.

read more
How to Analyse (and improve) Your Website
How to Analyse (and improve) Your Website

You should be analysing your site regularly to make sure it’s delivering the best user experience for your target market. In turn, delivering the most leads and sales. But, if you’re not used to it, it may be hard to work out what to look at when you start to analyse your website.

read more