GDPR – some misconceptions
OK, I know I said I wouldn’t write another one… but we’re really worried about how much confusion there is among vets about the GDPR. Unfortunately, there is some misleading and even factually inaccurate information being published in the veterinary press which could cause commercial problems for practices, frustration to clients and even, potentially, animal welfare issues. In particular, we’re worried about the idea that seems to have taken hold to the effect that you always need to get consent to email your existing client base.
This is not true.
Unfortunately, it’s a very widespread myth – it’s even been published in In Practice – and as a result we and our solicitors have written to the editor of the Veterinary Record, asking that the BVA clarify the legal advice they are giving. This letter has not yet been published, unfortunately.
We covered this in some detail in an earlier blog, however, it’s really important to get your head around two key points.
Firstly, consent is not the only legal basis. You can process personal data under any one of the six authorised legal grounds (consent, contract, legal obligation, vital interests, public tasks or legitimate interests). Direct marketing may be considered a Legitimate Interest, providing you can satisfy the appropriate tests (that you have a legitimate interest, that the processing is necessary to achieve it, and that your interests have been balanced against that of the individual concerned).
So, the GDPR does NOT require you to obtain fresh consents.
The second key point is that this type of marketing is covered by the Privacy and Electronic Communication Regulations 2003 (PECR). This shouldn’t be news – it’s been in force for a decade and a half, and really you should have been compliant with it already! This states that you need consent to send electronic marketing UNLESS:
You have obtained their details in the course of a business negotiation (i.e. they are a client).
You are marketing similar products or services (i.e. veterinary ones)
The recipient has had the opportunity to opt out (which your receptionists should have been doing when registering clients, and you should have on all your emails anyway).
Many people have said “well, surely it’s better to play safe, be whiter than white, and insist on consent”. The problem with this argument is that most people do not opt in when asked to do so – some organisations are seeing a 90% drop in the size of their email lists. This is bad for us as vets (we lose upselling opportunities), it’s bad for clients (they no longer receive information about service changes or offers), and it’s bad for animals (their owners no longer receive reliable animal health information).
Ah, you might say, well you would say that wouldn’t you?
Actually, no – it makes absolutely no difference to us whether you use consent or Legitimate Interest. OK, a consent based list member who opts out needs to be handled slightly differently at our end, but it’s no harder or more expensive. We’re actually more worried about you and your clients!
We really hope this has helped; however, we can only give general advice – if you need to know how you can action this, do talk to your lawyers about your specific situation.
If, however you’d like to discuss technical aspects of GDPR compliance, feel free to get in touch.