The EU General Data Protection Regulation (GDPR) forms one of the most important pieces of privacy legislation to take effect across Europe since the 1990s. GDPR extends to the UK for as long as it remains part of the EU and will likely continue to apply beyond the UK referendum.
The GDPR replaces the Data Protection Directive (95/46/EC) and aligns data privacy laws across Europe. These are designed to protect the rights individuals have regarding their data and to reshape the way organisations approach data privacy.
Lyonsbennett is committed to best practice and to complying with the EU data protection requirements relevant to us, and is compliant with the new regulations.
What we do currently
Lyonsbennett maintains a database of existing and potential clients for business continuity and development. This database is held securely in electronic format; it is original and created from readily available information. Lyonsbennett does not purchase data from third parties.
GDPR processing customer data
The Information Commissioner’s Office (ICO) has distinguished between ‘Individual’ and ‘Corporate’ subscribers. Lyonsbennett does not contact ‘Individual Subscribers’ unless they are acting as an agent of a corporation.
‘Corporate Subscribers’ are people using contact details from companies, LLPs and government bodies.
Our contact with ‘Corporate Subscribers’ is covered by the ‘legitimate interest’ ground for processing and is also permitted under Privacy and Electronic Communications Regulations 2003 (PECR).
All of lyonsbennett’s subscribers are ‘Corporate Subscribers’ and the Privacy and Electronic Communications Regulations 2003 (PECR) allow us to contact people via their business email address purely for business-to-business purposes.
Under PECR we may contact individuals via their corporate email address without requiring their specific consent. All of our marketing targets are business contacts rather than private consumers. However, they have certain rights, particularly where their name is part of their email address, including the right to ask us not to contact them again.
Contacting people using the grounds of legitimate interest
Legitimate interest, which means the interests of lyonsbennett in conducting and managing business to enable it to provide services, is a lawful basis for processing data under the GDPR.
Legitimate interest enables lyonsbennett, the data controller, to undertake marketing for its business as long as the data is used in ways that recipients of the marketing would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
When using legitimate interest as a basis for processing, lyonsbennett understands and recognises that it is essential to balance the assumed interests against the individual’s. If they would not reasonably expect the processing, their interests are likely to override the legitimate interest ground.
What this means in practice is that as long as the data subject or recipient has an expectation of being contacted in relation to a particular topic, then we may contact them accordingly.
Handling unsubscribe requests
All lyonsbennett emails, whether to an individual or business domain, have simple, highly visible unsubscribe links. We will record and act upon any unsubscribe requests.
Lyonsbennett, as data controller, is confident of being GDPR compliant. We are certain that we fall within the scope of PECR for ‘Corporate Subscribers’.
Lyonsbennett only collects data for specific, explicit and legitimate purposes. All data is maintained securely.
Lyonsbennett uses the lawful basis of Legitimate Interest to contact all subscribers.
Lyonsbennett will continue to review its position under GDPR and will track further guidance from the ICO and act upon this guidance accordingly.
If you have any queries regarding this statement or would like to discuss it further, please contact the Data Protection Officer at lyonsbennett, Phoenix House, 32 West Street, Brighton BN1 2RT.