My Account
Basket (0)
Contact Us Email Newsletters

GDPR is Here to Stay – How are You Doing (part 3)?

By David Norris

In this third part in our series of GDPR articles, we consider the need for firms to have appropriate reasons for communicating to clients or holding and processing personal data.

Basis of compliance

There are a number of ways in which firms may wish to communicate with clients - for example in relation to the service directly provided, to impart information about regulatory changes or to encourage them to engage the firm in new products and services.

In principle, firms should have good justification as to why they are communicating with individuals and how they are using that person’s data. For example, with updated engagement letters in place (as mentioned in our previous article), firms can communicate with individuals regarding services they have been engaged to perform, such as personal tax returns. It would be crazy to suggest that a firm cannot contact an individual about his tax returns if the firm has been asked to prepare it!

However, things get a little bit more challenging where the firm is looking to communicate another service or issue. In principle though, if the firm is communicating to an existing client about issues that will affect that client, then that would be a lawful basis for communication and so no consent is needed (although it is recommended to try and encourage existing clients to 'opt-in' to your marketing communications nevertheless, as this provides you with an increased level of security). This would cover newsletters and other direct mailing about related services offered by the firm. This is referred to as ‘legitimate interest’. Making Tax Digital is a prime example of this – clients would expect you to tell them how MTD affects them and how you can help, even if they had not specifically asked for information on it. However, the basis of communicating with clients (by way of 'legitimate interest' alone) is of course over-ruled where the client has specifically opted-out (i.e. asked to be removed from communications).

The other way to justify communicating with clients is to obtain their permission or consent. This is often discussed in the press and you will have no doubt been contacted about this problem by various online retailers, but most accountants do not have the systems to properly record consent. If you do want to consider recording consent, it must be specific and documented.

Where you have had no contact at all with a prospective client, it will be much harder to justify any lawful basis for sending marketing communications. Great care should be taken in such circumstances to avoid sending communications to non-clients who have not opted-in to your communications or engaged with you in some way. Ensuring you have documented opt-in’s for such prospective clients is therefore critical.


Take the time to review your marketing strategy and consider if your database can justify the marketing activities you are undertaking. Certainly, if your marketing database is separate from your practice database, great care will be needed to ensure that when clients leave they are removed from the advertising database.

On the other hand, informing existing clients of related services that the firm can provide, carries far less risk than attempting to send marketing communications to prospective clients with whom the firm has had no dealings with at all.

How we can help

We provide a range of tools to help support firms with GDPR. Click here to find out more.


November 2018 


This article is published with the understanding that SWAT UK Limited is not engaged in rendering legal or professional services. The material contained in this article neither purports, nor is intended to be, advice on any particular matter. This article is an aid and cannot be expected to replace professional judgment. SWAT UK accepts no responsibility or liability to any person in respect of anything done or omitted to be done by any such person in reliance, whether sole or partial, upon the whole or any part of the contents of this article.