GDPR – just a courtesy call


If I had to pick the one phrase that makes my toes curl up, it is “hello, this is just a courtesy call”.

  • My first reaction is – if you have to tell me, then it isn’t courteous.
  • My second is – if you know to tell me, then you know it isn’t courteous.
  • and my third is – what are you selling?

And what has that got to do with GDPR?

Many organisations have your details because you have done business with them. You want delivery of your goods and services, you recognise the need to pay and you probably don’t mind a quick check to find out if you are satisfied.

However, some our current Data Protection Act isn’t altogether clear about other forms of contact. It allows the so-called soft consent of pre ticking ‘opt-in’ boxes and burying consent in the terms and conditions that no-one reads.

This means some organisations feel they have carte blanche – if not a right – to send us marketing material.

GDPR is much clearer

To contact us an organisation must have a lawful basis:

lawful basis for processing
To contact us, organisations must have a lawful basis. Only the six bases above count.

However, some organisations feel their legitimate interest in selling to us is stronger than our right to privacy. But they are wrong.

What’s more your rights apply equally at work, if your personal data is used to make the contact. That includes an email address with your name embedded in it – eg, And if you are a sole trader your business details have the same protection as non-business personal details.

So, don’t be surprised when you give someone a business card and they ask if they can contact you. It is just a courtesy call and should be welcomed.

What can we do?

When you buy something – at work or at home – look for the opt-in. Though you may see some unlawful opt-outs persisting after 25 May 2018.

If you are cold called or emailed (or, heaven forbid, receive a snail mail missive) say ‘I have not given consent, please remove me from your marketing list’. Emails should have an ‘unsubscribe’ link – just make sure that the email is from the company it says it is from before you click a link. You can return paper mail to the sender, be clear on the envelope that you do not want further post.

If the organisation repeats its mistake, you can report them to the Information Commissioner’s Office (ICO). But my guess is that the ICO will be swamped over the coming months, so be patient.

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.