Personal data processing for marketing
Advertising triggers sales so every company processes personal data in connection with marketing. According to GDPR[1]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)it is possible to do it on two legal basis – on the basis of consent of person whose data are processed and for the purposes of the legitimate interests pursued by the controller. Both attitiudes are applied by companies.
Processing on the Basis of Consent
Pursuant to Article 6 p. a of GDPR, personal data may be processed if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. In connection with the above, many controllers decide to add to their online forms an additional check-box in which users may give consent for their personal data processing for marketing purposes. Subsequently, controllers send marketing materials to persons who gave such consent.
Processing on the Basis of Legitimate Interest
An alternative attitude is to resign from asking users for consent and consider marketing as legitimate interests pursued by the controller. In such situation personal data of every person may be processed for marketing purposes. Of course, as in every case of personal data processing (including processing on the basis of consent), you have to remember about complying with information requirements determined in GDPR.
While personal data processing on the basis of consent is clear, marketing as legitimate interests pursued by the controller causes some doubts. Nowhere in GDPR provisions the legitimate interest of the controlled is defined. Only in p. 47 of GDPR recitals it is mentioned that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. Because recitals constitute hints for GDPR interpretation, you can consider that the risk of another interpretation of direct marketing is really low.
Przypisy
↑1 | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) |
---|