GDPR common sense
GDPR FAQ’s for small businesses
GDPR common sense answers are needed for common GDPR questions. Most of GDPR is straight forward if you value your privacy as that’s what GDPR is about. GDPR is not a stick to beat companies with. GDPR is a way to ensure that companies keep our digital lives safe and our personal information ours. Below are a growing selection of questions that we’ve been asked about GDPR by small businesses.
As with any new law, there are quite a few grey areas when it comes to specific details. They will take time in the courts to iron out as different interpretations of the law are argued. Fortunately for small businesses, most of these areas are more applicable to larger businesses. Small businesses need to understand the spirit of the law by applying GDPR common sense and ensuring they take the necessary steps to comply.
If someone gives me their business card, can I call or email them?
Can I add someone to my newsletter if I have their business card?
Do I need to ask permission to add someone to my newsletter email?
Do I need to ask permission to send my newsletter to someone already on my list?
As well as this, email marketing is actually covered under GDPR’s sister PECR (Privacy and Electronic Communications Regulations) which has been around since 2002 and was updated in 2016.
If someone is on your list legitimately then further consent is not required. But, if you send a resubscribe email to someone who did not ask to be on the list, you are in breach. Flybe and Honda have just been fined by the ICO for sending out resubscribe emails.
Can I make a marketing call to a phone number on a company website?
Yes. The number and email address on websites are related to the company, not a person. That’s one of the reasons why it’s good business practice to use role accounts such as sales@ and info@ on websites and other publicly available company information.
Does GDPR apply to my business?
If you are a business that has one customer or one staff member and you take their name or address or phone number or email etc. then GDPR applies to you.
I’ve heard that the salaries of the ICO will be paid by the fines?
This is not correct, it’s a fabrication. The ICO (Information Commissioners office) is not issuing fines in order to generate government revenue.
For only / month can you afford not to have Managed Cyber Security?
If you have questions, please contact us and we’d be happy to help.
Already know what you need