What to do to ensure your marketing campaigns are GDPR compliant.
Ensuring that you have a privacy notice on your website and informing your list of your new privacy notice is pretty much all you need to do to make sure that your existing mailing list is legal.
Using your data
Unless you are storing a lot of information that would be unnecessary for the purposes of marketing or fall into special categories of data (sexual, political, religious and/or ethnic profiling), or where there would be surprise from the data subjects if they knew what you were storing or how you were using the data, consent is not really necessary. Marketing to people who have given you their details, and who you know have a 'legitimate interest' in the company, is acceptable.
Those who have requested information from you in person, given you their card, or who have signed up to your website, are acceptable data subjects as long as you don't do anything obscure with their data. This can include selling it, giving it away and sending them messages they are not expecting to receive.
Tools in Artlogic will help you to identify the data subjects who are 'leads' rather than clients, suppliers or professional contacts.
Find this by going into a contact record and scrolling down to the reason for processing personal data section.
To better understand GDPR regulations better, we have spoken to a number of lawyers and attended an event in 2018 put on by Stephenson Harwood for the Society of London Art Dealers (SLAD). We also ran our own workshop in 2018 with a different law firm on the matter.
More things to consider
For more information on GDPR compliance, see: