Is it "legal" to process personal data from public registers or social networks?

Do you want to reach or market to contacts that are publicly available? What do you think? Can you or are there pitfalls associated with doing so?

Have you got a brilliant idea in your head for the perfect marketing campaign? It is certainly very tempting to look up the company's managing directors in the register and address the offer directly to them. Or have you gone to the trouble of searching on social media for the information that users publicly state about themselves and created your own database? Be careful.

If there is any further use of the published data, you need to consider the purpose for which the personal data was published. It cannot be used for any other purpose without meeting the compatibility test. And what is actually assessed under this test? For example, it may be an assessment of the relationship between the original and new purposes of the processing, the possible risks associated with the new processing or the security safeguards.

Did you pass the compatibility test? Even so, this does not mean that you can automatically use the data. The next step, which is absolutely necessary, is to secure the legal basis, which in this case will most often be the legitimate interest of the controller. It is important that you document your assessment of legitimate interest carefully and be prepared to produce it for inspection if requested by the Data Protection Authority.

Are you unsure whether the contacts you have obtained from public registers or social media can be used for your marketing purposes? Contact our team and we'll be happy to go through everything with you.