GDPR. Harder Than You Think...
Keith Rozelle, Sales Marvel
LinkedIn for Grown-ups | Empowering SMEs to Win. On LinkedIn | Mentor: Help to Grow | Author: How to Sell Virtually
Have you noticed how many people don't seem to use business cards these days?
Having been lucky enough to have lived and worked around the world, so business cards are a bit of a ritual for me - try starting a meeting in the Far East without one and don't EVER write on one. Exchanging business cards is something you should automatically do at the start of every meeting that signals to everyone in the room "ok we're having the meeting now".
Last week however, the person I met for the first time didn't use business cards. No problem I thought, I'll ask for her email address when we're finished; however, in all the excitement I forgot to ask.
No problem, I'll get her email address from the contact that recommended me in the first place, so that I can write back, outline the actions and move the deal forward. Imagine my incredulity when I received the following response:
Sorry, owing to the new GDPR legislation, I can't disclose the client's email address
I thought everyone's gone GDPR mad (remember Y2K?), a total over-reaction to a fairly simple issue...or is it?
To get some clarity, I asked my friend and GDPR expert Mark Keating of Shadowcat Software in Lancaster and here's what he told me:
If the manager uses their real name as part of the their corporate email address then it's PII (Personally Identifiable Information) by definition, so your contact would likely be breaching GDPR legislation by disclosing the address to you.
Somewhat irritated with myself at having committed such an elementary faux pas, I asked Mark if there's any way around this - here are the options:
1. Ask how the client collects emails and what the details are for sharing them (how do they decide if it's in their privacy notice)?
2. Do they use a consent-based route to holding and sharing information or legitimate business interest?
3. Is the email address publicly visible (company website, their LinkedIn profile etc) as then, it is manifestly in the public domain and they are therefore open to sharing it.
Mark was also kind enough to offer this advice to me "In the future I would recommend that you get their email address at the interview, so you can write back and thank them later."
Yeah, thanks Mark!
GDPR is a mindset all of us should now be cognisant of...whether we like it or not.