Does your company have a mailing list?

The introduction of the General Data Protection Regulation (GDPR) on 25 May 2018 could change your ability to use that mailing list going forward. The GDPR will replace the current data protection legislation and will constitute a fundamental change in the use of databases and mailing lists.

The GDPR includes heightened obligations on businesses – data processing consent will need to be sought for every type of mailing - silence, pre-ticked boxes or inactivity will no longer constitute consent.

If your organisation holds personal data, ask yourself these questions:

1. Have we obtained consent from each individual to use their details (e.g. email, address, telephone number)?

2. Do we use pre-ticked boxes or rely on a party not unsubscribing as consent?

3. Can we evidence the consent obtained?

If the answer to any of these questions is no, consent has not been freely given. You will need to contact each individual to obtain their express consent to use their personal data going forward and keep a record of their consent to use as evidence. Given the time changes are likely to take it’s wise to prepare your business now.

What’s more, if you’re not prepared, you’re at risk of being fined for up to 4% of your global annual turnover or a maximum of €20 million.