The EU General Data Protection Regulation is the most critical aspect of European privacy legislation in the last 20 years. It is effective from 25th May 2018.
GDPR replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), concerning the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
The GDPR applies to associations handling and holding individual/personal data within the EU. It also applies to companies outside the EU that offer goods or services to individuals in the EU.
Personal data implies any data that can be utilized directly or in indirect way distinguish the individual. This could be anything from a name, Computer IP address, bank details or location information.
Depending on the severity of non-compliance companies can be fined upto 2% of global annual revenue or €10 million whichever is highest. It can go upto 4% for more serious breaches. These rules apply to both data controllers and processors.
You can continue to cold call corporates and sole traders/partnerships provided the telephone numbers have been suppressed against the Telephone Preference Service and the Corporate Telephone Preference Service registers every 28 days as well as any in-house suppression files you hold. You need to always offer them the opportunity to opt out of future calls.
You can send postal mailings to corporates and sole traders/partnerships.
You can only email the contacts who have given you consent to contact them specifically for your company. GDPR applies as it covers data processing and data controlling.
Email addresses of corporate employees can be bought for third party email campaigns. Legitimate interests would be used to process this personal data as long as all the following criteria are fulfilled: