GDPR & ALF explained
Ensuring that all data in ALF is of the highest quality and compliant with all data protection regulation is our top priority.
With the General Data Protection Regulation (GDPR) due to replace the Data Protection Directive on 25 May 2018, all businesses and organisations that hold personal data are required to look at how they obtain, process and use that data to ensure they meet the required standards.
There are a number of key points that this raises for businesses using data for direct marketing and below we cover what they mean for ALF’s data, the people and businesses in our database, and our customers.
The EU legislation, which the UK government has confirmed will be retained after Brexit, says: ‘Member States shall ensure, in the framework of Union law and applicable national law, that the legitimate interest of end-users that are legal persons with regard to unsolicited communications…are sufficiently protected.’
Further, in its marketing guidance, the ICO has stated that a B2B email address with a named individual is personal data. The conclusion from this is that if you want to use a B2B personal email address for marketing, it has to be processed in accordance with GDPR’s definition of lawful and fair.
- Lawful requires either consent for marketing (i.e.: opt-in), or data processing based on legitimate interest which doesn’t over-ride the rights and freedoms of the individual
- Fair requires transparency and data subjects’ rights management.
The new legislation says that organisations can process data on the basis of legitimate interest. In turn, it also states that direct marketing is a legitimate interest. But that is only the case when the interests of the marketer do not override the rights and freedoms of the data subject.
So, what does that mean for ALF and our service to businesses who want to contact key decision makers at major advertisers and brands – along with their agencies?
At ALF, we process our data under ‘legitimate interest’. This means that we are not seeking express consent from each data subject listed in ALF, but we contact them all individually as part of our research and give them the opportunity to review the data that we hold on them, and, if they wish, to be removed from it.
We have undertaken a legitimate interest audit (there’s a useful guideline for doing this from the Data Protection Network here: https://www.dpnetwork.org.uk/dpn-legitimate-interests-guidance/) and we have put in place a process that ensures transparency, including a simple no-questions-asked opt out for all data subjects.
Every data subject listed in ALF – 33,039 at the last count – are contacted each time their details come around for update; or every nine, twelve, fifteen or twenty-four weeks. We email each data subject with a transparent privacy notice informing them of why they are listed in ALF, any possible outcomes of being listed, and how they can opt out of having their personal information held within ALF. In the case of any opt out request, we remove the corresponding data subject within 24 hours. This process also now applies to all newly-sourced data subjects, who are contacted before their details get published in ALF.
In summary, each data subject listed in ALF is now contacted two to six times per year with an explicit opportunity to be removed from ALF.
The result of that is our data is robust and compliant and the people in ALF’s database have a regular and clear communication about their inclusion, transparency about our information and process, and the ability to remove their information at any time.
Ultimately that means the quality of our information is stronger than ever.
ALF’s legitimate interest audit (LIA) is available on request. Simply email me at firstname.lastname@example.org and let me know that you’d like a copy.