We are pleased to announce beaton's expanded and updated Privacy and Confidentiality Policy. The Policy may be found here.
Publication of our expanded and updated Privacy and Confidentiality Policy coincides with the opening of entries for the 2019 Client Choice Awards.
In an environment of growing cyber uncertainty, risk and regulation, beaton strives to be a good citizen by complying fully with the letter and spirit of the law.
We have made the Policy more transparent about how personal data is collected, the purposes for which it is collected, and the rights of those from whom data is collected, to meet the stipulations of the EU's General Data Protection Regulation (GDPR).
The Policy has also had a visual update, including the use of "icons in order to give in an easily visible, intelligible and clearly legible manner, a meaningful overview of the intended processes" [Regulation (EU) 2016/679, Recital 60].
Several firms have asked us how GDPR affects their ability to use our services. It would not be appropriate for us to offer legal advice or guidance; however, we make the following statement about how we handle the data of our clients, including the use of third-party providers:
Beaton Research + Consulting ('beaton') is striving to be a good citizen in how we ourselves interpret and comply with the letter and spirit of privacy laws, including the General Data Protection Regulation ('GDPR'). Accordingly, we are making the following statement of our position. We trust our example is helpful to you. This statement does not constitute advice or guidance.
The lawful basis upon which beaton collects information on our clients (e.g. name, email address, organisation) is our legitimate interest [Regulation (EU) 2016/679, Article 6(1)(f)] in collecting and using this information given there is “a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller” [Recital 47] and processing this information helps us deliver better service to our (i.e. beaton’s) clients. We believe that using that personal data (i.e. email addresses) to collect client feedback constitutes processing for the same purpose, i.e. helping us deliver better service to our clients.
Even if our use of the data was determined to be for a different purpose, we believe asking for feedback from our clients satisfies GDPR’s criteria for using collected personal data for a further compatible purpose [Article 6(4)], namely:
There is a clear link between using these contact details to deliver service and using these contact details to ask for feedback on that service,
The context of asking for evaluation of a service after having delivered it,
That the personal data (i.e. name, email addresses, organisation) is not considered a special category,
The only consequences would be potential minor annoyance at receiving a request-for-feedback email (from which clients can opt out), and
That we ensure appropriate safeguards are in place to protect that data (e.g. pseudonymisation, kept for no longer than is necessary).
Shanan Kan is beaton's Product Manager, overseeing the beatoncompass reports on trending topics using clients’ insights to inform firms’ strategies. With a background in psychology, his passions include UX, gameful design and data communication. Connect with him on LinkedIn or reach out on Twitter @ShananKan