As reality kicks in, we are now seeing clients react in various ways to be GDPR Compliant. As a telemarketing supplier, we are data processors to our clients’ data controller status.
In the first instance we are being asked to sign new data processing agreements before undertaking the next campaign, this is all fine but can slow down the process of getting a campaign up and running.
We also need to have a flag in the data to show on what basis we are processing client data, this will be either contractual, legitimate interest or consent in most cases of B2B processing. If we are processing on the grounds of consent then it is best practice to provide us with the date and description of that consent.
For all telemarketing calls we must have a current TPS/CTPS flag supplied, even if you have an existing relationship with your database. This screening is only valid for 28 days, so if your campaign runs over this period then it will need to be screened every 28 days ongoing.
We are allowed to call all data that has not opted out of receiving a call or is listed on the TPS/CTPS register. We can call them even if they have opted out of email marketing. If they request further information via email on the call, then we can send a one off email, even if they have opted out.
Did you know that you should be identifying sole traders and partnerships because the rules for these are the same as for individuals, meaning that we can call them if they have not opted out but you need consent to email them and cannot rely on legitimate interest.
If you cannot tell which records this applies to in your data then it is something that we can find out via a campaign and/or run a separate campaign to capture them and ask for consent?
It Is also possible to call people who have opted out and ask them if they want to opt in to receive emails, however, you cannot email them to ask.