On 17 January 2020, the Belgian Data Protection Authority (DPA) published new guidelines relating to the processing of personal data for direct marketing purposes. By introducing these new guidelines, the Belgian DPA wants to create more (legal) certainty for companies on how to be compliant with the General Data Protection Regulation (GDPR) when making use of direct marketing. This is the first post-GDPR recommendation of the DPA.
In its guidelines, the Belgian DPA provides a definition of what is to be understood under direct marketing:
“Any communication, in any form, solicited or unsolicited, originating from an organisation or a natural person and directed at the promotion or sales of services, goods (whether or not against payment) as well as trademarks or ideas, addressed by an organisation or natural person active in a commercial or non-commercial context, which is directly directed to one or more natural persons in a private or professional context and which entails the processing of personal data.
Furthermore, the Belgian DPA has clarified every element of this definition by making use of practical examples.
The Belgian DPA has made several recommendations in its guidelines on how to be compliant and how to protect personal data. Moreover, it has identified several elements that need to be taken into account when processing personal data for direct marketing purposes:
The Belgian DPA further explains the lawful and appropriate legal basis - including criteria that need to be met - for the processing of personal data for direct marketing purposes.
(This article is a summary of a longer analysis which can be found on the K law website)