Please do contact one of the team if you have any questions about GDPR – as well as ensuring that our people, processes and systems are compliant, they are also here to help you.
Our data collection and processing methods:
- Barbour ABI will use three lawful bases for processing personal data, legitimate interest, consent and contract. We have produced an unbiased legitimate interest assessment for each element of personally identifiable information that we process.
- Our lawful bases will be stated in our privacy notice and will be made evident to everyone who gives their consent for Barbour ABI to process their data. In practice, this means that we will continue to gain consent from industry professionals to pass on their email address as part of our project reports for our clients. We already record this in our database and will continue to do so.
- We are also members of the Direct Marketing Association (DMA) who provide best-practice marketing guidance underpinned by a code that puts the customer at the heart of everything they do.
- Our fully audited GDPR compliance documentation is available to view on request.
What this means to our clients:
You can continue to use our data to support your sales and marketing activities, as long as you adhere to GDPR regarding the collection, storage and use of personal data within your own business. We recommend that you take independent advice to ensure that you comply. Using personal data for the purposes of electronic marketing communications continues to be covered by the Privacy and Electronic Communications Regulations 2003.
Frequently Asked Questions
We have collated a list of questions that we have been asked by our clients so far. If you have a question you would like us to answer that does not appear below, please do let us know at [email protected].
What makes you compliant with GDPR?
We have audited every process within the business to ensure we are compliant with GDPR. As such we have revised processes and procedures where necessary so that as a business everyone understands their role in ensuring compliance with GDPR. It should be noted that GDPR relates solely to personal data, meaning a lot of existing processes remain unchanged.
Will the data you supply be different after 25 May 2018?
The data that we supplied prior to 25th May 2018 adhered to the existing Data Protection Act (DPA) and the data we collect after 25th May 2018 will adhere to GDPR. GDPR does not mean you cannot process personal data, and the vast majority of the data we collect will remain unchanged.
How can you still supply contact names? Surely they are classed as personal data?
The Information Commissioner’s Office (ICO) does state that contact names are personal data, however you are still able to process personal data as long as you have a lawful basis for doing so. Our lawful bases allow us to continue to hold and process contact names.
How will I know if an individual has requested opt-out from Barbour ABI?
If an individual has requested to be removed from our database then that individual will no longer appear on Evolution/Barbour ABI App/Openings etc. We advise all of our clients to extract and use the data within 24 hours. If you have extracted our data into your CRM, it will be your responsibility to update the records you hold.
Does the data you supply make me compliant with GDPR?
No. It is your responsibility to comply with GDPR for the collection, storage and use of personal data as a data controller within your business. The processes involved with our own collection, storage and use of personal data comply, and you have to ensure the same.
What can’t I do now with the data which I could before GDPR?
The data we supply to you remains the same. However it is your responsibility to comply with GDPR for collection, storage and use of personal data within your business. Remember that under GDPR you are now the data controller and you now have to give data subjects’ enhanced rights around their personal data. You must also comply with existing regulations such as PECR. It also remains your responsibility to adhere to our contracted terms and conditions.
Can I do anything with the data I already hold or do I have to delete it?
Once you have processed data and imported it into your CRM or equivalent, under GDPR this means you are now the data controller. It is therefore your responsibility to comply with GDPR with regards to the data that you already hold. Consent gained prior to 25th May 2018 has been obtained under existing DPA regulations and is something you must be aware of. We will be refreshing our consent with individuals as an ongoing process, something we already do as “best practice” to comply with DPA, and something we will continue to do to comply with GDPR.