Arrange a Consultation

What am I allowed to do with business cards under GDPR?

Jun 8 - Brian Siney

Featured in JEP’s Expert Panel – 8th June 2018


I am always asked this question and there’s a lot of uncertainty as to what people can do with business cards once they receive them.

Key points to note;

  • the simple action of the person giving you their business card is demonstration of their consent for you to have it; the question is all about what you do next with it!
  • its contains personal information, so GDPR rules do apply
  • you can use the information to stay in contact with the person if the purpose is for normal business development, customer/client work, keep on a contact list (delete the data once it becomes redundant/out of date); use “legitimate interest” lawful bases for this processing where in “performance of a contract” bases is not appropriate, but ensure you have considered the “balancing test” criteria to address any data subject’s objection
  • you must not automatically assume it’s ok to start sending them direct marketing information (e.g. emails etc..), you need to specifically get the new “opt-in” consent for such activities

Take the sensible approach and think about the real purpose you were given the business card in the first place.

Ensure Your Business is GDPR Compliant Today!

Contact me today and arrange a consultation…

Be Secure is a Jersey-based data consultancy business specialising in GDPR data protection, data privacy and cyber security. Leveraging extensive experience of founder Brian Siney, Be Secure offers a unique business focus and perspective for managing GDPR.

Send me a message

Call me on 07797 738743

More from the blog

Back to Blog home