Featured in JEP’s Expert Panel – 8th June 2018
A:
I am always asked this question and there’s a lot of uncertainty as to what people can do with business cards once they receive them.
Key points to note;
- the simple action of the person giving you their business card is demonstration of their consent for you to have it; the question is all about what you do next with it!
- its contains personal information, so GDPR rules do apply
- you can use the information to stay in contact with the person if the purpose is for normal business development, customer/client work, keep on a contact list (delete the data once it becomes redundant/out of date); use “legitimate interest” lawful bases for this processing where in “performance of a contract” bases is not appropriate, but ensure you have considered the “balancing test” criteria to address any data subject’s objection
- you must not automatically assume it’s ok to start sending them direct marketing information (e.g. emails etc..), you need to specifically get the new “opt-in” consent for such activities
Take the sensible approach and think about the real purpose you were given the business card in the first place.