Agents were cautioned against contacting their customers to reconfirm they have permission to direct market to them ahead of new EU data laws coming in next year.

The General Data Protection Regulation will see hefty fines imposed of up to €17 million or 4% of global turnover if companies are found to be not compliant when there is a data breach.

Critical for firms that market to customers is having explicit consent to do so, raising the question of whether they should go back to their existing databases to make sure they have this.

However, Simon Bunce, Abta head of legal affairs, said agents’ right to continue marketing to its customers may be considered allowable as a legitimate basis for their businesses.

He advised delegates against re-seeking explicit consent because they are likely to lose most of their customers because few will respond.

“You need to proceed with great caution,” he said. “Direct marketing can be a legitimate interest of the business. It’s perfectly legitimate that you might want to market holidays to existing customers.”

Bunce said the European Commission has set up a working group and Abta is expecting further guidance on direct marketing and what constitutes legitimate interest.

He described GDPR as a “massive topic” but not one that agents need to panic about although they should not put off doing something about it.

Agents should carry out data audits so they know where their data is stored, what is being stored, for what purpose and processes they have in place, Bunce said.

He added this was not just a technology issue, saying staff must be made aware of their responsibilities when dealing with customer data and not leave it lying around shops and offices.

Bunce said Independence Group members are likely to be data processors rather than controllers so will be subject to less strict rules.

MoreSpecial Report: What GDPR changes mean and how to stay compliant

‘Document data compliance’ or risk heavy fines

Opinion: You can’t afford to ignore GDPR, so what is it?