cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ThierryN
Newcomer I

GDPR and business emails...

Dear all, 

 

Email related info are considered by the GDPR as being personal data.

So there must be a legal base to guarantee the processing of them is legal.

I do not imagine the consent of the data subject being this legal base…

 

How would you then handle this ? Legitimate interest ?

 

Thanks,

Thierry

 

2 Replies
Laurie-Anne
Newcomer I

Hi,

 

You can use the contract basis, as long as use of the email is required for the individuals to perform their work.

You should, however, ensure that you have some kind of acceptable use policy that explain to your users what what authorized use of their email for personal reason is. You also need to explain them any other processing of their emails (anti-virus scan, for example (here you can use the legitimate interest)).

 

Note, that consent from employees will most of the time not be considered as free; so not compliant.

flyingboy
Newcomer III

There is 2 sides to this. If I provide you my business contact information (eg. email address) for business purposes and I obtain email enquires or proposal on company matters, that is legitimate interest. However, I start receiving propositions on personal health or financial products, the use of previously collected data is not allowed.