Data Protection Compliance and the Usage of Email Addresses
Are you aware that data protection compliance also applies when you write emails on behalf of organisations which are subject to data protection law? Did you know that by using the “cc” function you may be sharing personal data, namely email addresses, with third parties and thereby breaching data protection law? Everyone needs to take email etiquette seriously, not just for reasons of good practice but also so as to ensure that your organisation is compliant with current data protection legislation.
So, what should you do, and equally importantly, what shouldn’t you do?
Think twice before you press the ‘send’ button; are you actually permitted to share other persons’ email addresses? Sharing email addresses in emails is an act of ‘processing personal data’ and therefore needs to be covered by one of the six lawful bases under GDPR, namely consent, contract, legal obligation, vital interest, legitimate interest and public interest.
If you are relying on legitimate interest as the lawful basis, you will also need to perform a three-step assessment in advance of the processing activity, namely the purpose test, the necessity test and the balancing test. Separately you should also consider any confidentiality issues when sending emails.
Once you and your organisation have incorporated data protection compliance into all your processing and business activities, this way of operating will hopefully become a natural part of your business's processing activities. This will not happen by itself. Your organisation needs to implement policies and procedures as well as data protection staff training in order to achieve these aims.
We at Ordered Company are here to help you in making your business compliant with data protection legislation. Contact us for a free of charge first consultation on how we can be of benefit to you.
Please feel free to email us at firstname.lastname@example.org, or call us on 01343 813 745 if you have any queries.