The General Data Protection Regulation (GDPR) came into effect as EU legislation in May 2018 to govern how data about individuals must be processed and stored. Post Brexit, the UK continues to use the GDPR to ensure that data is kept secure and used responsibly.

PLAN GeoMaps are GDPR compliant. Information is drawn from a range of public sources and whilst this is still categorised as personal data, it can be used within the current legislative framework for business-to-business sales and marketing purposes.

Data is provided to our customers based on the 'legitimate interest' of enhancing marketing efficiencies for buyers and sellers within construction and related markets. Legitimate interest is one of the six lawful grounds for processing data under the GDPR. In a business-to-business context, opt-in consent is not required for PLAN to share this data with its customers and in any event, is not realistic or practical.

As the ICO states: “Legitimate interest is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. For business-to-business purposes, where customers are utilising PLAN data to identify companies and individuals that are likely to have a need for their products and services, this is appropriate.

Finally under the GDPR, once data has been passed from our system, our customer becomes the data controller and therefore must ensure that their collection, use, storage and retention of data complies with the GDPR. This is the case no matter where our customers source sales and marketing data from.