Inspiring Business by Sharing Success

Festive data protection warning to businesses

The hallowed Christmas tradition of lawyers  warning about HR liabilities arising from the office Christmas party has, since the passing of the General Data Protection Regulation (GDPR), been joined by a second set of warning messages about the threat to businesses who send corporate Christmas cards to clients, observes data protection specialist Susan Hall.

Susan, a partner at national law firm Clarke Willmott LLP, says while it is important for businesses to grasp data protection rules before putting cards in the post, reports of the death of the corporate Christmas card have been greatly exaggerated.

“Sending cards during the festive season is a treasured tradition and a great way to keep connected with valued clients and suppliers and there is no reason that has to stop,” said Susan.

“However, it’s vital that businesses do so in a compliant manner. First, all marketing lists need to be kept up to date and regularly pruned, so that people who have objected in the past to receiving marketing material do not remain on Christmas card lists, and people who have not dealt with a business for many years are also dropped. Secondly, businesses need to co-ordinate their card-sending efforts, so that the same person does not receive the same card five times from different individuals.

“Information relating to religious beliefs is “sensitive personal data” requiring additional safeguards. Any decision to send or not to send cards to specific recipients based on assumptions or knowledge about those individuals’ religious beliefs needs to be handled with very great care.

“Subject to the above, Christmas cards should be seen as no different from other marketing communications when they originate within a business to a business context, and people need to consider the same issues with respect to them as they would with any other marketing communication. It is unlikely that a business would suffer major consequences simply with respect to a Christmas card sent to an unwilling recipient , but it might be a symptom of a badly managed approach to data issues within the organisation as a whole, which could give rise to much more serious problems.”

Many firms now send e-cards as a green option or to save on costs. Susan adds that in this case they must also comply with electronic marketing data protection rules.

“If sending a corporate Christmas greeting electronically, people must also adhere to the Privacy and Electronic Communication Regulation (PECR) rules on electronic marketing.

“The PECR sits alongside data protection and GDPR rules and outlines specific privacy rights in relation to electronic communications. In particular, it makes consent mandatory for any direct marketing by email. There is a limited exception for existing clients and prospects, but even in this case all direct marketing communications (which would include a Christmas card) needs to offer an “unsubscribe” option which is then respected for future communications.”

For PECR breaches action can include criminal prosecution, non-criminal enforcement and audit or a monetary penalty notice imposing a fine of up to £500,000.  Also, individuals aggrieved by the use of their data have a direct right of action.

Latest figures show the UK greeting card market is worth £1.7bn, with Christmas making up just under half of that. This represents 100 million single and 900 million boxed Christmas cards sold in the UK.

Charities estimate £50m is raised for good causes by charity Christmas cards each year.

The commercial Christmas card was invented in 1846 by Sir Henry Cole, chief organiser of the Great Exhibition, pioneer of the penny post and founder of the V&A Museum.

Clarke Willmott is a national law firm with offices in Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton.

For more information visit www.clarkewillmott.com


< Back