GDPR Practical Thoughts 1B Business Cards
Last week I posed 6 reasons for exchanging business cards. Each is potentially impacted by GDPR.
All required thought about whether it was company or personal data and what the intent might be.
In each case behaviour and processes needed to be considered to stay the right side of the law.
GDPR Impacts on Business Cards
Company information is common information usually freely in the public domain so is not itself covered by GDPR. Contact details are personal information about an individual so are covered and the fact they work at the company in particular role is also personal information. What matters here are the behaviours, intent and how the data is used. So let’s look at the 6 reasons again.
- Identity check at a low level. Having verified the identity, it is what’s next that matters. If the card were an id badge you’d hand it back, but this isn’t usual business etiquette! So how do you dispose of the unneeded card carefully? I have a woodburner so they’re safely stored to keep me warm in winter!
- Background check on the company. Most things that are commonly available on the web are seen to be already in the public domain. An address is therefore not usually personal information if I can Google it, so is outside of GDPR. But if I can only find it on the dark web, then it is not public so is probably GDPRable.
- Contact details. If you post an individual’s email address on your site eg bobsales@acme you are putting that personal information into the public domain and it could be seen as fair game. The same goes for business cards but consider reason 4 and the need for explicit consent for anything beyond a couple of contacts.
- Meeting of minds. It would be reasonable to assume that you would connect this person at an agreed time or within the next 3 months? Within that timeframe most of us can vaguely remember meeting somewhere. But there must be some time limitation as clearly a year later is most unusual.
- Polite exchange. Late or no exchange is perhaps not as rude as is thought. It is often deployed with the ‘I’ve forgotten my cards’ routine. Actually saying no at this stage is perhaps the most honest approach. This is an opportunity to rethink your networking behaviour. Do you only swop cards after you have established what you have in common.
- Email bombard. This is always wrong. But your process might be to put the card on your CRM within 24 hours and then send an email stating how you might continue the relationship with their agreement. This is what you are doing when you send a personal individual email or make that call. It also requires you to think where in your sales and marketing funnel this individual belongs and to act appropriately.
Today is a good day to consider your own business card processes and how to make them compliant with the spirit and the letter of GDPR.
- GDPR Practical Thoughts 1A Business Card Process
- Summer Break, A Time for Work?