Is It Legal to Sell Data Under the GDPR?

The General Data Protection Regulation (GDPR) came into effect in May 2018. However, many still fail to understand the different regulations and rules it contains. Particularly misunderstood is the law around being able to sell data. Below, we break down the legality of selling data under the GDPR, and how it can affect you.

What is the GDPR?

The GDPR is a European law on data protection and privacy for citizens of the European Union. However, it also affects all businesses that have dealings in Europe. Even if the business is not a European one, if it does significant business or has a base there, the laws will apply.

Under the GDPR, it’s necessary to protect your consumer’s data. Any company found negligent in this area may be penalised.

What data would be sold?

A common example of the data that may be sold is customer data. This is valuable as customers may be interested in accessing that client database to expand their business, or to learn further information.

However, customer data applies under ‘personal data’ for the purposes of the GDPR. This article explains in-depth the effect of personal data as regulated by the GDPR.

Is it legal to sell data?

It can be legal to sell your data under the GDPR. However, it depends on the context. Specifically, it depends on who you sell the data to and why. Below, we outline reasons that it may be illegal to sell data.

Discrimination

The data you sell can’t be sold to potentially discriminate someone based on their data. It cannot identify someone to punish them. If this is likely to occur, it is illegal to sell the data.

Accessibility

This considers how secure the data will be once sold. Officially, to be compliant with the GDPR the data must be secure. This includes from other businesses, people and even the government. This applies to companies with European Union Citizen Data.

The right to erase

The GDPR outlines that users must have the right to request their data gets removed. Who you sell the data to must be able to erase this data immediately upon request. As the seller, you must be aware of your purchaser’s intentions. Accordingly, if you’re aware they’re not going to allow the right to erase, it will be illegal to sell to that company.

Final thoughts

It can be possible to sell data whilst being in compliance with the GDPR. However, it’s important to be aware of the seller and their intentions with the data. If you knowingly turn a blind eye to the seller’s intentions, then selling the data is considered illegal. The GDPR Privacy Policy is created to abide with these laws. For further enquiries, a privacy lawyer may be able to assist.

Don’t know where to start? Contact us on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest lawyer marketplace.

Most Popular Articles
You may also like
Recent Articles

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions

Share:

Register for our free live webinar today!

Drafting & Negotiating Contracts: Essential Tips to Protect Your Small Business

12:00pm AEDT
Thursday 10th October 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

You may also like

Thinking about managing your trust using a company as trustee? Read our guide on how to create a corporate trustee structure.
How to prevent yourself as a company director from being personally liable: 101 Guide
Some legal documents require a person's signature to be witnessed. So who can be a witness? Read our guide to find out more.

Thank you!

Your registration is confirmed. Keep an eye on your inbox for an email with details on how to watch the webinar.