Opt in NOT REQUIRED for Car Dealerships to contact existing customers after GDPR?

Is it reasonable to say that if a customer has spent ￡10,000 you have a legitimate interest in contacting them and even sending marketing to them for sales and service and MOT? The UK is in the process of passing brand new legislation and the 2018 Data Protection Act will bring the EU GDPR legislation on the UK statute books with some essential amendments for the UK. The UK's Information Commissioners Office says contacting customers by direct marketing in the post is legitimate interest specifically referred to in Recital 47 of the Act.

Recital 47

(47) The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller. At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place. The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing. Given that it is for the legislator to provide by law for the legal basis for public authorities to process personal data, that legal basis should not apply to the processing by public authorities in the performance of their tasks. The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.

What are the rules on electronic text and mail marketing?

The rules on electronic mail marketing are in regulation 22 of the Privacy and Electronic Communications Regulations, this supersedes GDPR in the UK. In short, you must not send electronic mail marketing to individuals, unless:

• they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent... or
• they have specifically consented to electronic mail from you

You must not disguise or conceal your identity, and you must provide a valid contact address so they can opt out or unsubscribe.

It is important that you do a Legitimate interest assessment before making a decision about gaining opt in or assuming legitimate interest, talk to us for help with this. So in light of the clarification from the ICO and the UK 2018 data protection act why go down the opt in route and destroy your dealership database? For more help visit https://www.motorvise.com/other-services/gdpr-consultancy-for-car-dealerships/ where you can get a free toolkit.