GDPR and contacting potential clients without consent

Home Forums Privacy & Data GDPR and contacting potential clients without consent

This topic contains 1 reply, has 1 voice, and was last updated by  Jonathan Lea 1 year, 5 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #3223

    Jonathan Lea

    A client asked us the following:

    “We are planning to send a nice introduction letter to some potential clients, with a view of follow up calls to introduce our organisation. However 50% of this potential client database was collected when staff were working at previous employers (note there’s no issue with restrictive covenants).

    Now that the new GDPR regulations 2018 are in force, what are the implications on actioning this plan? Where do we stand legally as an organisation as we do not have authorisation for any of the potential clients to have their details on file? ?”


    Jonathan Lea

    Our response was as follows:

    “There is yet no specific guidance applicable to your scenario, but our initial view is that you should be able to rely on a ‘legitimate interest’ exception and the ‘balancing test’ to use such data and send the intro letters without consent. See further here.

    We managed to somehow get through to the ICO helpline who have just confirmed that you can email and call based on the legitimate interest of your new company. When you’re first emailing them, you need to send them your privacy policy and the opt-out info. They also suggested checking if that company isn’t on the Corporate TPS, in case you wanted to call them first.”

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.