Will new EU data protection laws spell the end for effective business networking?
Think of this familiar scene: you are attending a conference or trade fair to promote your business – perhaps you have a stand there. You talk to potential customers and contacts and exchange contact details with them, maybe handing over business cards. But you hesitate, remembering the EU General Data Protection Regulation (GDPR) sets down rules about giving privacy information to data subjects, the people whose personal data you hold. In order to comply with the letter of the new law that comes into effect later this year, do you immediately whip out your extensive GDPR-compliant privacy notice and give it to your customer or contact? Probably not.
However, you are being given personal data and you intend to use it, which is precisely the situation envisaged by GDPR. So what should you do in future to ensure you comply with data protection law?
The circumstances under which data is exchanged are significant. If the exchange of data occurs in a business context there is no need for you to obtain specific consent in a business-to-business context because your customer or new contact is expecting you to use their details for marketing and business purposes.
But are you still required to provide a GDPR-compliant privacy notice? While this is technically what the law requires, it is reasonable to take the view that you should provide a privacy notice in a way that is proportionate to the circumstances.
In our example – at the conference or networking event – it would be advisable to display on your stand a prominent statement about how you intend to use the data you collect. If you do not have a stand, make sure it is clear from what is said between you how you intend to use the information by asking, for example, whether your customer or new contact would like to be included on your mailing list.
To be compliant with GDPR, you must be able to demonstrate you are being fair and transparent, and that your intentions are unambiguous. When you do follow up with business contacts, explain openly where your GDPR privacy notice can be found by sending a copy or including an email link. Finally, only send relevant marketing material to individuals who might reasonably expect to receive it – and always remind them of their right to opt out.
Robert Enticott. Partner, business servicesBusiness, General, George Ide, News