[[{"@context":"http:\/\/schema.org","@type":"Article","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article","articleBody":"Looking at GDPR and how a consent management platform can affect your business is something we should all be doing. The battleground around customer consent versus legitimate interest is a fierce one. When the UK passed its GDPR standard for how companies can collect and process consumer data, it sent shockwaves throughout the world. Yet, it was only the first such standard. Canada has since issued its own standard, as has the state of California.\u00a0\nWhat is GDPR?\nGDPR defined: GDPR stands for the General Data Protection Regulation. It\u2019s the toughest data privacy and security law in the world. Though drafted and signed into law by the European Union (EU), GDPR carries heavy legal responsibilities for organizations around the globe if they collect data related to EU citizens. GDRP went into effect on May 25, 2018.\nSoon, updates to Apple and Google operating systems will further anonymize data, making it harder for companies to understand how users found their sites to begin with. This has Facebook highly concerned, given its primary revenue driver is its ad product \u2013 and without proper attribution, companies won\u2019t be able to tell how effective an ad on Facebook, or its other properties like Instagram, really is. It will soon be the baseline that all companies employ a consent management platform.\n \nFace the music: Apple privacy changes hit e-commerce marketing\n Apple privacy changes are right around the corner, and marketers who rely on Facebook ads are bracing for major impact. Here's what you need to know. \nImpact of General Data Protection Regulation (GDPR) for online businesses\nBut for now, let\u2019s look at GDPR, the original consumer data privacy policy. All others pull on similar language and use cases, making GDPR a standard policy. There are two sections in particular that marketers need to know with GDPR documentation:\nGDPR Article 6(1)(a) \u2013 Consent as a lawful basis for processing data: The data subject has given consent to the processing of his or her personal data for one or more specific purposes;\nGDPR Article 6(1)(f) \u2013 Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.\nThose two articles break down what\u2019s known as consent collection and legitimate interest collection. Let\u2019s make sure you gain a good understanding of both.\u00a0\nHow your organization can become GDPR compliant: Sorting out customer consent once and for all\nBecoming GDPR compliant relies upon customer consent.\nCustomer consent is considered the gold standard of data collection: A consumer must click a button (that cannot be pre-filled) to say that they agree to give their information to the company. A consent management platform streamlines the process of securing consent.\nYou\u2019ve undoubtedly seen these on a variety of sites you\u2019ve visited recently. Here\u2019s an example from SAP\u2019s Future of Commerce website:\nCustomer consent requires the customer \u2013 each and every individual one \u2013 to physically consent to the collection and processing of their data.\u00a0\n \nHow to build customer loyalty by making data privacy a priority\n A solid data privacy platform is crucial to earning customer trust and loyalty. So why aren't more companies providing one? \nIndeed, SMS TCPA policies require something similar for text message marketing. \nMuch like customer consent\u2019s requirement to not have a box pre-checked and to require physical consent, TCPA policies also require a physical agreement to be sent text messages, and that agreement cannot be pre-checked. Further, the language for the agreement must include information on how often a user will get sent messages, and how to unsubscribe and stop all messages.\u00a0\nGDPR is not alone, then, in this requirement for a more manual consent process. Organizations can choose to wait it out, but the necessity of a consent management platform is the writing on the GDPR wall.\n \nIn like a lion: Data privacy roars to life as Google is hit with massive GDPR fine\n According to experts, data privacy is now crucial to businesses. The massive GDPR fine levied against Google seems to prove it. \nHow to generate a GDPR compliant privacy policy and define legitimate interests\nLegitimate interest is more of a gray area within GDPR, and as a result, many marketers prefer it. Adding a requirement for a manual agreement for data collection adds friction to a website, and friction can severely reduce conversion. It is understandable that there may be resistance to implementing a consent management platform, however, in the end, it will be something that adds value for both consumers and companies.\nThe Information Commissioner\u2019s Office (ICO), a UK-based independent authority that guides businesses on how to apply UK\u2019s data privacy laws such as the GDPR, has offered guidance for companies on how to generate a GDPR compliant privacy policy and interpret legitimate interest. ICO explains:\nThe processing is not required by law but is of a clear benefit to you or others;\nThere\u2019s a limited privacy impact on the individual;\nThe individual should reasonably expect you to use their data in that way; and\nYou cannot, or do not want to, give the individual full upfront control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.\nThis makes legitimate interest far more flexible than customer consent.\u00a0\nWhen to use consent v. legitimate interest: A handy legitimate interest assessment\u00a0\nBased on our breakdown of consent versus legitimate interest so far, you might be thinking that it\u2019s just easier to use legitimate interest in all cases. That\u2019s not necessarily true. In fact, the ICO has made it clear that you cannot use legitimate interest as the default collection method for your company.\u00a0\nAlthough legitimate interest is a flexible concept and will often be relevant, it does not apply to everything and you are not able to use it as the default basis for all your processing.\nThis is why most websites ask for consent upon you landing on the site. A consent management platform makes that process seamless.\u00a0\n \nHow to win customer trust: 5 strategies to earn loyalty\n Customer trust is at the center of everything. Follow these five principles to understand, build, and maintain customer trust. \nSo, when can you use legitimate interest? Luckily, the ICO offers a three-part test for determining if legitimate interest can apply for your project, website, etc.\nPurpose test \u2013 is there a legitimate interest behind the processing?\u00a0Under the purpose test, you need to ask yourself if the data collection is ethical, legal, and for the benefit of both your company and the consumer. And then, you need to clearly state the purpose behind wanting to process that data without consent (or under legitimate interest).\nNecessity test \u2013 is the processing necessary for that purpose?\u00a0Using the necessity test, you need to demonstrate that there is no other less invasive way to achieve your goal, and ensure that the processing is proportionate to achieving your aims.\nBalancing test \u2013 is the legitimate interest overridden by the individual\u2019s interests, rights, or freedoms?\u00a0Finally, under the balancing test, you need to ensure that processing the data doesn\u2019t infringe on the rights and freedoms of the individual.\u00a0\nAll right \u2013 so, this three-part test isn\u2019t all that helpful. Let\u2019s look at a few examples instead.\u00a0\nApplying the three-part test: GDPR legitimate interest examples\nThe following scenarios are offered by the ICO in their documentation to help companies better understand how to apply the three-part test and ultimately which data collection and information practices to use.\u00a0\nThe charity case.\u00a0\nA charity wants to send fundraising material by post to individuals who have donated to them in the past but have not previously objected to receiving marketing material from them.\nThe charity\u2019s purpose of direct marketing to seek funds to further its cause is a legitimate interest.\nThe charity then looks at whether sending the mailing is necessary for its fundraising purpose. It decides that it is necessary to process contact details for this purpose and that the mailing is a proportionate way of approaching individuals for donations.\nThe charity considers the balancing test and takes into account that the nature of the data being processed is names and addresses only and that it would be reasonable for these individuals to expect that they may receive marketing material by post given their previous relationship.\nThe charity determines that the impact of a fundraising mailing on these individuals is likely to be minimal however it includes details in the mailing (and each subsequent one) about how individuals can opt-out of receiving postal marketing in the future.\nThe business seminar case of GDPR.\u00a0\nIndividuals attend a business seminar and the organizer collects business cards from some of the delegates.\nThe organizer determines that they have a legitimate interest in networking and the growth of their business. They also decide that collecting delegate contact details from business cards is necessary for this purpose.\nHaving considered purpose and necessity the organizer then assesses that the balance favors their processing as it is reasonable for delegates handing over business cards to expect that their business contact details will be processed, and the impact on them will be low. The organizer also ensures that it will provide delegates with privacy information including details of their right to object. The organizer subsequently collates the contact details of the delegates and adds them to their business contacts database.\nThere are no legitimate interest loopholes: It\u2019s about ethical data practices\nOn the fence about what to use? Start with the gold standard of consent. From there, expand into legitimate interest but always do your best to explain upfront what data will be collected and for what purposes. Finally, always allow recipients of marketing material to opt-out of a list of being sent information \u2013 even if that information is based on consent or legitimate interest. Begin to build toward a consent management platform by establishing how your company will treat consent and data as a practice.\nIn other words, treat consumer data the way you\u2019d want yours treated. GDPR requires companies to simply think a bit harder about what data they are collecting, if they need to be, and how to do so in an ethical way.\u00a0\nSome companies are taking this standard to a new level and using ethical data collection and transparency as a marketing tactic in their own right. Let\u2019s look at Lush for instance. They have made Data Ethics a pillar of their company values.\u00a0\n\u201cNow more than ever people are aware of how critically valuable their personal data is. In its lightest form, it is the tweets you post, the photos you upload, the people you DM. In its darkest forms, it is a tracker on your identity, an algorithm deciding whether you should be on a kill list. It is our belief that Data Privacy is a fundamental human right. The ethical data policy is about ensuring that all of Lush\u2019s staff and customer data is secure and transparent. Our customers and staff have the right to know what we hold about them.\u201d\nAs more and more countries, states and the like adopt GDPR-type standards, we are likely to see more and more companies adopting digital ethics best practices as internal values, and then using those as marketing fodder. This is the ideal goal of consumer data privacy and protection policies. Integrating a consent management platform is a transparent investment in respecting your customers.\u00a0\nCustomers first. Engagement, loyalty, and long-term trust follows. Watch our interactive CDP demo\ud83d\udc40","author":{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_Person","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_Person_ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/uploads\/2019\/07\/Tracey-Wallace-150x150.jpg"},"name":"Tracey Wallace","sameAs":"https:\/\/twitter.com\/TraceWall","url":"https:\/\/www.the-future-of-commerce.com\/contributor\/tracey-wallace\/"},"dateModified":"2021-11-29T22:31:15+00:00","datePublished":"2021-04-27T06:01:03+00:00","description":"Learn the definition of GDPR and how a consent management platform can improve General Data Protection Regulation compliance and even CX.","headline":"What is GDPR and how will it affect your business?","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_ImageObject","height":"630","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2021\/04\/consentVinterest_1200x375-1200x630.jpg","width":"1200"},"mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/","name":"What is GDPR and how will it affect your business?","publisher":{"@type":"Organization","@id":"https:\/\/www.the-future-of-commerce.com\/","additionalType":"https:\/\/www.wikidata.org\/wiki\/Q1193236","description":"Relevant, timely information & analysis on commerce trends, both consumer-facing and B2B.","logo":{"@type":"ImageObject","@id":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","height":"96","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","width":"500"},"name":"The Future of Customer Engagement and Experience","sameAs":["https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/www.the-future-of-commerce.com\/feed\/"],"url":"https:\/\/www.the-future-of-commerce.com\/"},"url":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article"},{"@context":"http:\/\/schema.org","@type":"Organization","logo":{"@type":"ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","height":"96","width":"500","@id":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1"},"name":"The Future of Customer Engagement and Experience","sameAs":["https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/www.the-future-of-commerce.com\/feed\/"],"additionalType":"https:\/\/www.wikidata.org\/wiki\/Q1193236","url":"https:\/\/www.the-future-of-commerce.com\/","description":"Relevant, timely information & analysis on commerce trends, both consumer-facing and B2B.","@id":"https:\/\/www.the-future-of-commerce.com\/"},{"@type":["Article"],"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article","@context":{"@vocab":"http:\/\/schema.org\/","kg":"http:\/\/g.co\/kg"},"url":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/","publisher":[{"@id":"https:\/\/www.the-future-of-commerce.com\/"}],"author":[{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_author_Person","sameAs":"https:\/\/twitter.com\/TraceWall","image":[{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_author_Person_image_ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/uploads\/2019\/07\/Tracey-Wallace-150x150.jpg"}],"name":"https:\/\/www.the-future-of-commerce.com\/contributor\/tracey-wallace\/","url":"https:\/\/www.the-future-of-commerce.com\/contributor\/tracey-wallace\/"}],"subjectOf":[{"@type":"FAQPage","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Article_subjectOf_FAQPage","mainEntity":[{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity0","name":"What is GDPR?","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity0_acceptedAnswer_Answer","text":"Soon, updates to Apple and Google operating systems will further anonymize data<\/a>, making it harder for companies to understand how users found their sites to begin with. This has <\/span>Facebook highly concerned<\/span>, given its primary revenue driver is its ad product \u2013 and without proper attribution, companies won\u2019t be able to tell how effective an ad on Facebook, or its other properties like Instagram, really is. It will soon be the baseline that all companies employ a consent management platform.<\/span>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity1","name":"Impact of General Data Protection Regulation (GDPR) for online businesses","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity1_acceptedAnswer_Answer","text":"But for now, let\u2019s look at GDPR, the original consumer data privacy policy. All others pull on similar language and use cases, making GDPR a standard policy. There are two sections in particular that marketers need to know with GDPR documentation<\/a>:<\/span>\n
  • GDPR<\/span> Article 6(1)(a) \u2013 <\/span>Consent as a lawful basis for processing data:<\/b> The data subject has given consent to the processing of his or her personal data for one or more specific purposes;<\/span><\/li>\n
  • GDPR<\/span> Article 6(1)(f) \u2013 <\/span>Processing is necessary for the purposes of the legitimate interests<\/b> pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.<\/span><\/li>\nThose two articles break down what\u2019s known as consent collection and legitimate interest collection. Let\u2019s make sure you gain a good understanding of both. <\/span>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity2","name":"How your organization can become GDPR compliant: Sorting out customer consent once and for all","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity2_acceptedAnswer_Answer","text":"Becoming GDPR compliant relies upon customer consent<\/a>.<\/span>Customer consent is considered the gold standard of data collection: A consumer must click a button (that cannot be pre-filled) to say that they agree to give their information to the company. A consent management platform streamlines the process of securing consent.<\/strong>You\u2019ve undoubtedly seen these on a variety of sites you\u2019ve visited recently. Here\u2019s an example from SAP\u2019s Future of Commerce website:<\/span>\"GDPR<\/a>Customer consent requires the customer \u2013 each and every individual one \u2013 to physically consent to the collection and processing of their data. <\/span>Indeed, SMS <\/span>TCPA policies<\/span><\/a> require something similar for text message marketing<\/a>. <\/span>Much like customer consent\u2019s requirement to not have a box pre-checked and to require physical consent, TCPA policies also require a physical agreement to be sent text messages, and that agreement cannot be pre-checked. Further, the language for the agreement must include information on how often a user will get sent messages, and how to unsubscribe and stop all messages. <\/span>GDPR is not alone, then, in this requirement for a more manual consent process. Organizations can choose to wait it out, but the necessity of a consent management platform is the writing on the GDPR wall.<\/span>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity3","name":"How to generate a GDPR compliant privacy policy and define legitimate interests","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity3_acceptedAnswer_Answer","text":"Legitimate interest is more of a gray area within GDPR, and as a result, many marketers prefer it. Adding a requirement for a manual agreement for data collection adds friction to a website, and friction can severely reduce conversion. It is understandable that there may be resistance to implementing a consent management platform, however, in the end, it will be something that adds value for both consumers and companies.<\/span>The Information Commissioner\u2019s Office (ICO), a UK-based independent authority that guides businesses on how to apply UK\u2019s data <\/span>privacy<\/span> laws such as the <\/span>GDPR<\/span>, has offered guidance for companies on how to generate a GDPR compliant privacy policy and interpret legitimate interest. ICO <\/span>explains<\/span><\/a>:<\/span>\n
  • The processing is not required by law but is of a clear benefit to you or others;<\/span><\/li>\n
  • There\u2019s a limited <\/span>privacy<\/span> impact on the individual;<\/span><\/li>\n
  • The individual should reasonably expect you to use their data in that way<\/a>; and<\/span><\/li>\n
  • You cannot, or do not want to, give the individual full upfront control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.<\/span><\/li>\nThis makes legitimate interest far more flexible than customer consent. <\/span>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity4","name":"When to use consent v. legitimate interest: A handy legitimate interest assessment\u00a0","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity4_acceptedAnswer_Answer","text":"Based on our breakdown of consent versus legitimate interest so far, you might be thinking that it\u2019s just easier to use legitimate interest in all cases. That\u2019s not necessarily true. In fact, the ICO has made it clear that you cannot use legitimate interest as the default collection method for your company. <\/span>Although legitimate interest is a flexible concept and will often be relevant, it does not apply to everything and you are not able to use it as the default basis for all your processing.<\/span><\/i>This is why most websites ask for consent upon you landing on the site. A consent management platform makes that process seamless. <\/span>So, when can you use legitimate interest? Luckily, the ICO offers a three-part test for determining if legitimate interest can apply for your project, website, etc.<\/span>\n
  • Purpose test \u2013 is there a legitimate interest behind the processing?<\/strong> <\/span>Under the purpose test, you need to ask yourself if the data collection is ethical, legal, and for the benefit of both your company and the consumer. And then, you need to clearly state the purpose behind wanting to process that data without consent (or under legitimate interest).<\/li>\n
  • Necessity test \u2013 is the processing necessary for that purpose? <\/strong>Using the necessity test, you need to demonstrate that there is no other less invasive way to achieve your goal, and ensure that the processing is proportionate to achieving your aims.<\/li>\n
  • Balancing test \u2013 is the legitimate interest overridden by the individual\u2019s interests, rights, or freedoms?<\/strong> <\/span>Finally, under the balancing test, you need to ensure that processing the data doesn\u2019t infringe on the rights and freedoms of the individual. <\/span><\/li>\nAll right \u2013 so, this three-part test isn\u2019t all that helpful. Let\u2019s look at a few examples instead. <\/span>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity5","name":"Applying the three-part test: GDPR legitimate interest examples","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#subjectOf_FAQPage_mainEntity5_acceptedAnswer_Answer","text":"The following scenarios are offered by the <\/span>ICO in their documentation<\/span><\/a> to help companies better understand how to apply the three-part test and ultimately which data collection and information practices to use. <\/span>The charity case. <\/strong>A charity wants to send fundraising material by post to individuals who have donated to them in the past but have not previously objected to receiving marketing material from them.<\/span>The charity\u2019s purpose of direct marketing to seek funds to further its cause is a legitimate interest.<\/span>The charity then looks at whether sending the mailing is necessary for its fundraising purpose. It decides that it is necessary to process contact details for this purpose and that the mailing is a proportionate way of approaching individuals for donations.<\/span>The charity considers the balancing test and takes into account that the nature of the data being processed is names and addresses only and that it would be reasonable for these individuals to expect that they may receive marketing material by post given their previous relationship.<\/span>The charity determines that the impact of a fundraising mailing on these individuals is likely to be minimal however it includes details in the mailing (and each subsequent one) about how individuals can opt-out of receiving postal marketing in the future.<\/span>Individuals attend a business seminar and the organizer collects business cards from some of the delegates.<\/span>The organizer determines that they have a legitimate interest in networking and the growth of their business<\/a>. They also decide that collecting delegate contact details from business cards is necessary for this purpose.<\/span>Having considered purpose and necessity the organizer then assesses that the balance favors their processing as it is reasonable for delegates handing over business cards to expect that their business contact details will be processed, and the impact on them will be low. The organizer also ensures that it will provide delegates with privacy information including details of their right to object. The organizer subsequently collates the contact details of the delegates and adds them to their business contacts database.<\/span>