Caroline Wilkinson, Cobweb’s Business Process Analyst, writes …
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, and so I bet you’re wondering why you’re still getting emails you thought would have automatically stopped!
Do you have customer or partner accounts where you provided information such as your name and email address, and you haven't unsubscribed from marketing communications? Then the business you have the account with has a 'legitimate interest' in sending you information relating to the services and solutions they provide.
Have you requested or downloaded information from a website and in doing so provided information such as your name and email address? If so, then the business who owns the site has a 'legitimate interest' in sending you information about their services and solutions.
Legitimate Interest is one of the six lawful bases for processing personal information, and used when a company uses people's data in ways those people could reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, and IT security as potential legitimate interests, but this is not an exhaustive list.
Businesses can rely on legitimate interest for marketing activities if it can show that the use of people's data:
- Is proportionate
- Has a minimal privacy impact
- Where recipients would not be surprised or likely to object
- And does not breach Privacy and Electronic Communications Regulations (PECR).
So, if you find you are still receiving emails which you thought would stop when GDPR came into force on 25 May 2018, you are probably receiving them from businesses with a legitimate interest in you or your business. If you’re no longer interested in receiving those communications, simply use the 'unsubscribe' link to opt-out which you should find on each communication (usually at the bottom).