GDPR, mailing lists and the live business
The data generated by digital platforms such as Spotify provides musicians with valuable insights into their fans’ locations and behaviour. Fortunately, much of the data provided by third-party platforms is anonymised, which means it generally falls outside data protection legislation.
However, bands, promoters and booking agents routinely collect contact details and other personal data relating to their fans and customers, which falls squarely within the remit of the legislation.
There is a legal requirement when collecting, using and storing personal data to inform the data subjects about what data you are collecting and what you will be doing with it. This doesn’t just apply to companies; bands and musicians acting in the course of business also have this obligation (there are exemptions, and you should visit your local information commissioner’s office website to find out more).
If you’re planning to share personal data with a third party, such as between a band and a promoter, it’s important to establish a legal basis
So, if you receive an email from a fan asking for information about a forthcoming tour, can you add their email address to your database and start sending them marketing material? The simple answer is no, you can’t.
Individuals usually have to give explicit consent to their personal data being used for marketing purposes. However, you can reply to the fan, answer their question and ask if they want to join your mailing list. If they agree, you are free to market to them, but remember to make a record of their consent, and ensure that your marketing emails include simple instructions to help the recipient locate your privacy information and opt out of the emails.
Rob Eakins can be reached on +44 161 358 0280 or [email protected]