GDPR and Debt Collection – how does it affect you?

GDPR and Debt Collection – how does it affect you?

In this blog we cover GDPR and not letting it being a barrier for business. We cover legitimate interest and contract positions.

Data is the lifeblood of Debt Collection agencies. Without it they simply cannot do the job of chasing your non-paying customers.

You may have reached the stage where you have decided your finances are stretched and you need some help to resolve the situation. This is probably the right time to involve a debt collection company to assist you in recovering your monies and regaining control of your cash flow once again.

GDPR – a barrier for business?

However, you’re then struck with the worry, and often confusion, that to do this, you must pass over a certain amount of customer’s data. The thoughts of General Data protection regulation and the hard work you’ve been through to become compliant yourself, spring quickly to the forefront of your mind. What am I legally allowed to do now?

Do I need consent?

Following the implementation of the General Data Protection Regulations (GDPR) on 25th May 2018, if you haven’t obtained your customer’s consent to pass on their data, businesses are worried that the GDPR rules now prevent you from passing over this data.

Let’s face it; getting consent from a customer who is avoiding paying you is not generally going to be easy or even possible. At this point, it’s worth checking in case you have something in your terms and conditions which enables you to pass over the data in the event of non-payment. If you don’t then you may certainly wish to insert a debt collection rights clause into your contracts and terms and conditions.

However, even if you do not have such a clause or term, providing that you are passing the data under one of the 6 lawful basis of processing data, you are able to pass this over and collection action can begin.

There are 6 lawful bases for processing data, as set out on the Information commissioner’s office (The UK’s independent authority setup to uphold information rights in the public interest) website here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing

Legitimate interest

Two of the most common are passing data under a ‘legitimate interest’ and ‘contract’. If you have contracted with a customer to carry out services or to supply goods and have not been paid for the same then these two cases are both legitimate reasons to pass over your customer’s data in order to pursue debts.

However it is vital that the Debt Collection Company that you use also has a privacy statement which sets out the basis for processing data and also sets out the required GDPR measures it must have in place. This protects you and ensures that you have passed over data to a legitimate GDPR compliant company.

The GDPR is there to protect the data of individuals and is not a barrier for businesses who wish to justifiably pass over their customer’s data when those customers have failed to make payment of overdue invoices.

Why not give Daniels Silverman a try? We are fully GDPR compliant and our debt collection and credit control services are outstanding, and we have the experience to prove it. Find out more by visiting our website and starting a webchat, or give one of our business development team a call on 0800 954 3632.