Marketing within the GDPR legislation: 6 questions
March 2023 – The GDPR legislation forces organisations, including sole proprietorships and SMEs, to handle privacy-sensitive data carefully. Collecting data for marketing purposes is subject to strict rules. What is allowed and what is not? Below we answer six frequently asked questions about GDPR.
1. What is GDPR?
The General Data Protection Regulation (GDPR), or Algemene Verordening Gegevensbescherming in Dutch (AVG), is a European law that stipulates how organisations must handle privacy-sensitive information. For example, every organisation must demonstrate what personal data is collected, how it is used and how it is secured. Those who fail to comply risk fines and penalties of up to €20 million or 4 per cent of annual global turnover.
2. Can I send my customers a direct mailing about new products or services?
Companies are allowed to notify existing customers of new products or services if they are similar to what they have previously purchased. So if someone buys a bike from you, you may not email them with information about printers. Moreover, the customer should be able to unsubscribe from future emails at any time. Note that the AVG distinguishes three types of direct marketing, each with its own rules: digital direct marketing, telemarketing and advertising mail.
3. I collected a lot of business cards at a trade fair. Can I send these people an e-mail with a commercial offer?
Yes, you may. If someone gives you a business card, you automatically have permission to use the card for its intended purpose. Note that you may not pass the card on to your colleagues without permission. So you may not store the contact details in your company's central CRM system.
4. Can I export contacts from my LinkedIn network to my e-mail list?
No, your LinkedIn contacts have not given explicit permission for this. However, you may ask your LinkedIn contacts via a public status update or a private message if they are interested in emails from your company. Attach a link to that message so that your connections can subscribe themselves.
5. For convenience, I have already ticked the question of whether I can send e-mails to my customers. Is that allowed?
No. People must consciously sign up for a list. Pre-checking tick boxes, while a user has yet to give their consent is prohibited. 'Silence is consent' does not apply.
6. How do I ensure that cookies on my website comply with the AVG?
GDPR regulations only apply to tracking cookies. These allow organisations to track visitors' internet behaviour and create personal profiles. Website visitors must give explicit permission to set these cookies. The following conditions must be met:
○ Website visitors are allowed to refuse the cookies.
○ It must be clear what the organisation is asking permission for.
○ Visitors have sufficient information about what happens to their data when they give consent.
○ Visitors must give consent with an active action, such as checking a box.
○ The use of tracking cookies is in your privacy statement.