GDPR’s definition of personal data is much broader than previous regulation. Article 4 states that “‘personal data’ covers any information relating to an identified or identifiable natural person”. This means that if data can be used to identify someone either directly or indirectly it is covered by GDPR. As well as obvious details such as email and a physical address, it also includes photos, IP addresses and bank details. The regulation also broadens the definition of personal data to include the ‘physical, physiological, genetic, mental, economic, cultural or social identity’ of a person.
Brexit will have no effect whatsoever. The Great Repeal Bill, despite its name, will simply enshrine all existing EC legislation into UK law, including GDPR. The UK government has committed to comply with future EC legislation so that the UK can continue to receive data from the EC.
Both B2B and B2C communications are covered by GDPR, and the definition of personal information includes a business email address. Forthcoming UK e-privacy regulation may loosen up B2B marketing. However, the draft legislation proposes that marketing to existing customers will be allowed only. Until then, GDPR must be strictly applied to B2B marketing, gaining consent from everyone before using their contact details.
GDPR only applies to EC citizens. If your mailing list contains contacts in the US, Australia and Singapore you can email them without consent, subject to national legislation such as the CAN-SPAM Act in the US.
Vodat International Ltd. © 2018 Vodat