Social Media and Events: Possible Solutions to Cold Call Affected by GDPR

Recently, an insider informed Fazzaco that a well-known CySEC-licensed forex broker may face a penalty as the regulator received complaints over cold calls trying to persuade retail customers to make a deposit, claiming the broker's behavior goes against EU's General Data Protection Regulation ("GDPR").

GDPR

GDPR, agreed upon by the European Parliament and Council in April 2016, replaced?the?Data Protection Directive 95/46/ec?and came into effect on May 25, 2018,?as the primary law regulating companies?that handled?EU citizens' data.

GDPR's key content and data protection requirements include:

• Requiring the consent of subjects for data processing
• Anonymizing collected data to protect privacy
• Providing?data breach?notifications
• Safely handling the transfer of data across borders
• Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

Obviously, the public lodged a complaint against the broker because it violates GDPR, which stipulates 6 lawful bases where a company is allowed to use and process personal data legally. 4 cases are for specific scenarios, and for most companies, only the remaining 2 cases can be used for commercial activities.

The first case is consent. "Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement."

The wording here clearly indicates that the data subject needs to express their intention to accept marketing materials and have the right to understand the certain marketing types. For instance, if a forex broker collects a trader's email address, with consent of course, then the platform can only contact the trader via email instead of via phone calls, as the trader may not expect a call from the broker.??

The second case is legitimate interest. "Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

This case is more flexible, since it depends on the forex broker's actions. The Information Commission's Office ("ICO") suggests a three-part test, i.e.:

• Purpose test?– is there a legitimate interest behind the processing?
• Necessity test?– is the processing necessary for that purpose?
• Balancing test?– is the legitimate interest overridden by the individual's interests, rights or freedoms?

No matter which case is, brokers need to keep record of it for review by regulatory bodies. One thing should be noted is that customers have the right to decline the marketing and also to withdraw a consent that they have explicitly expressed in the past, under which circumstance forex brokers should stop marketing immediately.Read Full Article