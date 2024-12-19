

However, while embracing the season of giving and spreading cheer, businesses must remain vigilant about protecting customer data and complying with regulations or risk landing on Santa’s naughty list.

Sending festive greetings is a cherished tradition, but modern methods like e-cards and email campaigns bring new risks.

One major concern is the potential for malicious attachments. Think twice before clicking on that festive email; it might conceal malware. Businesses should ensure all communications are secure, and staff are trained to identify phishing attempts.

Philip Brining shares his expert insight

Data protection laws also play a critical role. The General Data Protection Regulation (GDPR) and the Privacy and Electronic Communication Regulations (PECR) govern how businesses can communicate with customers.

GDPR doesn’t interfere with the sending of festive greetings for our own domestic, personal, household purposes, but it does affect the sending of festive greetings in a work setting. So, engage in good practice and be sure to BCC all recipients. No one wants to be accused of misusing data or of a data breach.

For e-cards, the Privacy and Electronic Communication Regulations (PECR) sit alongside the GDPR and regulate the sending of unsolicited direct marketing by electronic methods such as email and SMS.

If your message is promotional (“Here’s five per cent off for the holidays!”), it may require prior consent.

Non-promotional messages, like a simple “Season’s Greetings,” are less likely to fall under these rules. Still, consent must be informed and specific, so vague agreements to receive “marketing” are insufficient.

Additionally, the PECR distinguishes between private and corporate recipients.

Messages sent to corporate addresses may have looser restrictions, but this doesn’t absolve businesses of their duty to ensure compliance. When in doubt, consult a privacy expert to navigate these nuanced regulations.

If you collect information on new customers or prospects during Christmas promotions, be sure to provide suitable privacy information setting out how and why you intend to use the information. Don’t hamstring yourself by drafting the privacy notice too narrowly.

Collecting data for a Christmas promotion means just that, and it may be that you are unable to use it beyond Christmas. Be sure that the privacy information accurately describes how you intend to use the data.

And finally, with holidays and skeleton staffing, make sure that your security incident and data breach processes are capable of working with restricted staffing. If data breaches must be reported to your Data Protection Officer who has chosen to spend Christmas in Barbados – what are the alternative provisions? Remember that personal data breaches must be reported to the Information Commissioner within 72 hours of their detection unless the breach is unlikely to present a risk to people’s privacy and other fundamental rights.

Christmas is a time of increased activity, making businesses more vulnerable to data and security breaches. While sending Christmas cards and campaigns is a great way to build and retain your customer base, it’s essential to comply with data protection regulations. Stay vigilant and avoid ending up on Santa’s naughty list!