• Q​: As a tourism business we regularly send our customers direct marketing material via post and email with new and exciting offers. We have heard that data protection law is changing – is there anything we need to be aware of?

    A: The Data Protection Act 1998 (DPA) currently regulates the control and processing of personal data in the UK but from May 2018 the General Data Protection Regulation (GDPR) will come into force, imposing a number of onerous obligations on organisations.

    In order to process personal data (including postal and email addresses), businesses need the data subject’s consent and under the GDPR the standard of consent will become higher. In particular, consent will have to be freely given, specific, informed and unambiguous and it will also require some form of clear affirmative action from the data subject – pre-ticked boxes. Silence or inactivity will not suffice.

    You will, therefore, need to consider how you currently obtain consent from your customers to receiving marketing material and whether in light of the GDPR your procedures need to be updated. In relation to existing customers that you already send marketing material to, whether you will be able to legally continue to send such material ultimately depends on what sort of consent to processing you originally obtained from them under the DPA.

    In principle, you will not be required to obtain new consent from individuals if the standard of the original consent meets the higher standard required under the GDPR. Email marketing already requires a higher form of consent under the Privacy and Electronic Communications Regulations 2003 so if this has been your preferred method of communication in the past, there may be a greater chance that you are already GDPR compliant. It is important to review your current policies to avoid non-compliance with the GDPR.

    Under the GDPR fines for data protection breaches will rise from the current maximum of £500,000 to €20million or 4% of global annual turnover.

    This content is correct at time of publication

    Can we help?

    Take a look at our Commercial Law, Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information