Let’s try to understand

GDPR is an acronym for General Data Protection Regulation. As the name suggests, it’s a set of rules which aims to govern the way data protection is implemented by businesses, particularly on the internet. The new implementation of these regulations is set to take effect from 25th May 2018 and companies will have to make sure they are compliant with said regulations in time. It’s important to note that while the new GDPR may emanate from the European Union, it’s certainly going to impact how online business is conducted on an international level. The new regulations will replace all previous data protection laws the EU had until now. And it will also supercede the UK’s very own Data Protection Act of 1998. The goal of all data protection legislation, the new GDPR notwithstanding, has focused mainly on how companies respect and uphold the privacy of people it deals with in the real world. In short, all manners of how personal information is collected and handled from customers and clients needs to be regulated. Once we gather data, we process the data under a ‘legitimate interest of a marketing company’, which means we can provide this data to our client (you), if we protect the rights of the data subject. We protect the rights of our data subjects through our policies & procedures, and the terms & conditions under which we provide our data to our customers. We only provide data for B2B marketing and not for consumer marketing. Remember….A business has a legitimate interest in finding new customers; so long as it balances this interest, with the interests and rights of the data subject, then it can process personal data for the purposes of marketing. We believe that this means there should be clear alignment between the product, service or content being communicated, with the individual’s role (e.g. job description), industry or another targeting factor. This relies on high-quality data and strong segmentation criteria. Marketing communications using legitimate interest must operate on an unsubscribe or opt-out basis, and follow the other data processing rules from GDPR. The onus is on the client (you) to make sure you also follow the rules laid out by GDPR The GDPR stipulates that users will first have to provide approval through consent before any data is processed. Obtaining this consent needs to be of the utmost importance.

What is personal data?

“ ‘Personal data’ means any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person ”. Definitely the GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’.

The Privacy Policy