Are your referrals GDPR compliant?
Recently a KoffeeKlatch customer asked in one of our groups: –
Is its GDPR compliant that our accountant has referred us to an IFA?
The IFA contacted us and knew all the details of our business and our finance but we had no idea when we handed over our books to a new accountant at the year end they were going to share our financial information in this way?
Old habits (or maybe new enthusiasms) die hard and it seems the accountant had a referral agreement with an IFA and something had triggered this.
For example, you would expect your accountant to submit your information to HMRC at the appropriate time. You would expect to see what was being submitted beforehand, but you would not necessarily expect to give permission each and every time. Your ‘sign off’ is about accuracy not about consent to submit to HMRC
How do you refer a client in a GDPR compliant way?
- No surprises. Make sure your client knows or has consented to you passing on their details to a 3rd party BEFORE you do so.
- Don’t rely on your data privacy small print. Work on the basis that clarity and transparency is all.
- Explain the purpose and extent of what you want to share. Rather than simply say we may share your details with a 3rd party, explain the purpose of the sharing and the extent of the data you want to share.
- No assumptions. Don’t assume it is all OK. Ask if it is OK to connect and give contact details AND if it is OK to share relevant information to help the 3rd party be useful. Be prepared for a no.
- The default is no. Remember it is your client who owns the data you want to share. So the default is No. Don’t assume you can unless told otherwise.
Referral marketing can be GDPR compliant
GDPR does not mark the end of referral marketing, but it does mark the end of the random of sharing of confidential information with 3rd parties when the client has not consented and could not reasonably expect it.
If your referral can genuinely help your client you will find little resistance if you let them know in advance why you want to do this and what you want to share.
But a breach of confidentiality and sharing without transparency or consent can have only one result if you are a professional business advisor – you will find you have lost your client. Clients have a much higher expectation of integrity and confidentiality than they ever had before.