The General Data Protection Regulation (“GDPR”) is the main legislation in Europe that seriously affects all personal data processing activities. While bringing drastic changes for companies, such as monetary fines of up to 4% of global turnover or 20 million euros, it also extends the rights of data subjects, such as “right to be forgotten” claims. In such a dynamic realm, where privacy will be “by design”, the core principle shall be providing owners with more control over their personal data.
While explicit consent is the primary prerequisite for data processing, “legitimate interest” is one of the exceptions to it and is the most flexible lawful basis for processing.
As it is flexible and fragile, we are handling it with care! We are following the related European governmental and independent regulatory bodies closely and have meticulously adapted their principles to our operations, in line with their guidelines.
At Businessemaildatabase, compliance with regulations is fundamental, which is why we have always been committed to knowing and respecting the current and applicable regulations for the protection of the contacts in our Database.
Doing our work requires the maintenance of a risk-free Database. To do so, we have – since 2018 – scrupulously followed every indication of the law, even when the national legislation was conceived for the traditional world with little or no reference to the world of the Web and the community was only a sketch.
With the GDPR, the legislators have finally conceived modern legal texts aimed at the Digital world.
Nevertheless, due to the intrinsic nature of laws and regulations, many actors in the consulting field have been limited to fearing high and generalized risks without carefully analyzing the context in which the Direct Marketing world finds itself in the light of this new Regulation.
At Businessemaildatabase we have conducted, and continue to update, a specialized and scrupulous analysis of the GDPR regulatory framework for our field.
The research reveals that the GDPR not only does not limit general operations, but expands and contextualizes them with precision. Businessemaildatabase procedures and the types of data processed are therefore compliant with the GDPR.
Business Email Database
Today, our email Database contains more than 32,000,000 records of companies, associations and freelancers. Inside the Database there are 2 cases/types of data:
* The exact case:
Full Legal Person
It represents 75% of the total records in our Database: companies, associations and entities with various corporate group forms and generic contact data (e.g. info@) or department contact data (e.g. marketing@, sales@, etc.).
These subjects are excluded from the protection of the Regulation on the basis of its Recital 14, which we quote in full:
“The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data. This Regulation does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.”
However, for ethics and greater guarantee – although this exclusion from the processing protection was already included in previous legislation – we have always assured these subjects the Universal Rights (information, verification, updating and removal). We will continue to do so under the GDPR as well.
In the same virtuous and strategic view, we advise our customers to use the same type of approach, ensuring the recipients proper information and rights.
* The mixed case:
Legal Person with natural person contact data
This case is much less frequent in our Database, but it does exist. Contact data that incidentally identifies the “natural person” can appear according to two patterns:
a) [email protected]
b) [email protected]
In the first case, the person is clearly identified by the company to which they are related; the second case mostly covers freelancers, professionals or self-employed people who use, albeit for business purposes, contact details that clearly identify the “natural person” even beyond their professional role.
In both cases there are two equally relevant arguments:
A
If the email address (or the name and surname, the position, etc.) has been provided by the subject, who indicated it as contact data for their business activity, this precise action brings it within the exclusion of Recital 14.
B
If instead (beyond the intentions of the transferor) you want to consider these data as referring to the “Natural Person”, the right to process them is assured by two other Recitals: 47 and 70.
In particular, Recital 47 states, in conclusion:
“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
Thus, if direct marketing pursues a legitimate interest, the processing of this type of data is allowed. In this case, the assertion of the interested party’s rights is no longer a choice but an obligation. This means informing the recipient about the data processing and its purposes and ensuring the exercise of the rights.
Transmitting the disclosure could be the occasion on which to present your activity and the object of the eventual promotion.
WE ARE FULLY GDPR COMPLIANT AND TO STAY LIKE THIS WE…
- We have checked that legitimate interests is the most appropriate basis.
- We understand our responsibility to protect the individual’s interests.
- We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
- We have identified the relevant legitimate interests.
- We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
- We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
- We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
- We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
- We do not process special category and children’s data.
- We have considered safeguards to reduce the impact where possible.
- We encourage our clients to offer an “opt out”.
- We keep our LIA under review, and repeat it if circumstances change.
- We include information about our legitimate interests in our privacy information and terms of use.