GDPR common sense FAQ’s for small businesses
GDPR common sense answers are needed for common GDPR questions. Most of GDPR is straight forward if you value your privacy as that’s what GDPR is about. GDPR is not a stick to beat companies with. GDPR is a way to ensure that companies keep our digital lives safe and our personal information ours. Below are a growing selection of questions that we’ve been asked about GDPR by small businesses.
As with any new law, there are quite a few grey areas when it comes to specific details. They will take time in the courts to iron out as different interpretations of the law are argued. Fortunately for small businesses, most of these areas are more applicable to larger businesses. Small businesses need to understand the spirit of the law by applying GDPR common sense and ensuring they take the necessary steps to comply.
If someone gives me their business card, can I call or email them?
Of course. That’s why we all have business cards and why we give them out and people give them to us. To be contacted.
Can I add someone to my newsletter if I have their business card?
No. If you want to email them direct, that’s fine, that’s what they gave you the card for. They DID NOT give you the card to be added to mass marketing lists.
Do I need to ask permission to add someone to my newsletter email?
Yes. And you need to ensure that there is an opt-out link included in the newsletter so that they can unsubscribe should they wish to.
Do I need to ask permission to send my newsletter to someone already on my list?
Not if you have communicated with them recently. If you include an unsubscribe link in all your newsletters, which you should be doing anyway, then recipients are being asked each time you send them your newsletter if they wish to continue receiving it and are being provided with an easy means to opt out. So, unless you would like to use GDPR as a reason to contact all your list recipients, you shouldn’t need to.
As well as this, email marketing is actually covered under GDPR’s sister PECR (Privacy and Electronic Communications Regulations) which has been around since 2002 and was updated in 2016.
If someone is on your list legitimately then further consent is not required. But, if you send a resubscribe email to someone who did not ask to be on the list, you are in breach. Flybe and Honda have just been fined by the ICO for sending out resubscribe emails.
Can I make a marketing call to a phone number on a company website?
Yes. The number and email address on websites are related to the company, not a person. That’s one of the reasons why it’s good business practice to use role accounts such as sales@ and info@ on websites and other publicly available company information.
Does GDPR apply to my business?
If you are a business that has one customer or one staff member and you take their name or address or phone number or email etc. then GDPR applies to you.
I’ve heard that the salaries of the ICO will be paid by the fines?
This is not correct, it’s a fabrication. The ICO (Information Commissioners office) is not issuing fines in order to generate government revenue.