GDPR Our Policy and Experts
Discover how Barbour ABI meet GDPR standards when it comes to the use of data
The General Data Protection Regulation (GDPR) came into force on 25th May 2018 and covers the processing and controlling of the collection, storage and use of personal data. GDPR is a hot topic and we want to be clear about how our data and processes meet the new standard.
GDPR compliance is very important to us, and we have invested a lot of time and resource to get this right – over 4,500 hours so far – and have been working in consultation with Baker McKenzie throughout the process. Every individual within the business has a responsibility for our continued success and therefore everyone is fully immersed in our extensive GDPR compliance and training programme.
We have an in-house team of four GDPR specialists with over 18 years combined experience at Barbour ABI:
Please do contact one of the team if you have any questions about GDPR – as well as ensuring that our people, processes and systems are compliant, they are also here to help you.
Our data collection and processing methods:
- Barbour ABI use three lawful bases for processing personal data: legitimate interest, consent and contract. We have produced an unbiased legitimate interest assessment for each element of personally identifiable information that we process.
- Our lawful bases are stated in our privacy notice and are made evident to everyone who gives their consent for Barbour ABI to process their data. In practice, this means we continue to gain consent from industry professionals to pass on their email address as part of our project reports for our clients. We already record this in our database and will continue to do so.
- We are also members of the Direct Marketing Association (DMA) who provide best-practice marketing guidance underpinned by a code that puts the customer at the heart of everything they do.
- Our fully audited GDPR compliance documentation is available to view on request.
What this means to our clients:
You can continue to use our data to support your sales and marketing activities, as long as you adhere to GDPR regarding the collection, storage and use of personal data within your own business. We recommend that you take independent advice to ensure you comply. Using personal data for the purposes of electronic marketing communications continues to be covered by the Privacy and Electronic Communications Regulations 2003.
Barbour ABI general FAQs
We have collated a list of questions that we have been asked by our clients so far. If you have a question you would like us to answer that does not appear below, please do let us know at email@example.com.
The data we supplied prior to the 25th May 2018 adhered to the existing Data Protection Act (DPA) and the data we have supplied after the 25th May 2018 adheres to GDPR. GDPR does not mean you cannot process personal data, and the vast majority of data we collect will remain unchanged.
The Information Commissioner’s Office (ICO) does state that contact names are personal data, however you are still able to process personal data as long as you have a lawful basis for doing so. Our lawful bases allow us to continue to hold and process contact names.
If an individual has requested to be removed from our database then that individual will no longer appear on Barbour ABI. We advise all of our clients to extract and use the data within 24 hours. If you have extracted our data into your CRM, it will be your responsibility to update the records you hold
The data we supply to you remains the same. However, it is your responsibility to comply with GDPR for collection, storage and use of personal data within your business. Remember that under GDPR you are now the data controller and you now have to give data subjects’ enhanced rights around their personal data. You must also comply with existing regulations such as PECR and it remains your responsibility to adhere to our contracted terms and conditions.