For the next three weeks we are going to be setting out some do’s and don’ts if you are planning to take part as an Exhibitor at a wedding fair this Spring.
Collecting personal data? You betcha!
You come to network, right? Collect cards and names? Possible customers? Possible suppliers? Investigate interesting quirky delivery from interesting quirky people, who you might not need or want daily, but you’ll hold on to that information, just in case…
Hopefully they do the same with your cards and business info. That’s why you signed up to be an Exhibitor at a wedding fair.
So what can you keep, what can you do with the stuff you collect – personal data (see the link for that definition) but essentially email address, telephone numbers , information about your customers and contacts. You may also hold special category personal data ( see link for that definition) if you hold information about your customers sexual orientation or disability needs, for example. How is best kept and recorded? How do you ensure that you use it compliantly and within the limits of GDPR.
Remember there are 6 bases for lawfully processing personal data and the three most relevant for you are:
- If you have a contract to delivering goods and services – so this covers anyone contacting you to enquire about your products or services, you can legitimately process their personal data ( that means email them, call them, write to them…) and tell them what you have and what you do, and the price! Consent is not relevant here. If they ask about what you do, you can tell them. What you cannot do is then automatically add them to a database and start sending them all sorts of offers, newsletters and other sales info which us generic and not specifically requested – UNLESS they have given consent. Which leads us nicely into….
- Consent – here’s the reason why that tsunami of emails appeared in your inbox in the last week of May 2018….
- Legitimate business interest: the catch-all provision. As long as you can say that your processing was for a legitimate business interest, you can process the data when you are not yet selling goods or service to the client and you do not have clear consent. BUT you must be able to justify this if challenged.
A good way to view this would be if you received a business card or a contact number whist at a network event and you followed this up with an email to introduce your business or a product – that’s probably justifiable as legitimate interest. Adding them to your database and sending them your regular monthly newsletter or special offers and discounts every time you have a sales push is definitely NOT legitimate interest. If you want to do that, your initial email needs to include an option for them to actively opt in to that receipt. If they don’t do this, you shouldn’t follow up. If you do, be prepared to have a very good reason to justify that action.
Next week we’ll be looking at your TO DO list as an Exhibitor before, during and after the wedding fair to ensure compliance and evidence gathering (or is that bottom covering….) or you can check out our other blogs on this topic here….https://www.stanfordgouldonline.co.uk/category/gdpr-for-wedding-suppliers/