Can I use customer data for marketing purposes without violating privacy laws in Georgia? What are the requirements?

Requirements for the use of customer data for marketing purposes in Georgia

According to GACO 10-1-632, a franchisor, manufacturer, distributor, or a third party acting on behalf of a franchisor, manufacturer, or distributor shall comply with and shall not cause a dealer to violate any applicable restrictions on reuse or disclosure of the consumer data established by federal or state law. They may use customer data for reasonable marketing purposes that benefit the dealer, but they must obtain the express consent of the dealer to access or obtain consumer data directly from a dealer’s data management system. The consent must be in the form of a written document that is separate from the parties’ franchise agreement, is executed by the dealer, and may be withdrawn by the dealer upon 30 days’ written notice to the franchisor, manufacturer, or distributor as applicable.

Designation and role of chief privacy officer.

According to GACO 20-2-663, the State School Superintendent shall designate a senior department employee to serve as the chief privacy officer of the department to assume primary responsibility for data privacy and security policy. The chief privacy officer is responsible for establishing department-wide policies necessary to assure that the use of technologies sustains, enhances, and does not erode privacy protections relating to the use, collection, and disclosure of student data. They are also responsible for ensuring that student data contained in the state data system is handled in full compliance with this article, the federal Family Educational Rights and Privacy Act, and other state and federal data privacy and security laws.

Conclusion

In summary, the use of customer data for marketing purposes in Georgia is subject to specific requirements. A franchisor, manufacturer, distributor, or a third party acting on behalf of a franchisor, manufacturer, or distributor must comply with applicable restrictions on reuse or disclosure of the consumer data established by federal or state law, and obtain the express consent of the dealer to access or obtain consumer data directly from a dealer’s data management system. Additionally, the State School Superintendent designates a senior department employee to serve as the chief privacy officer of the department to assume primary responsibility for data privacy and security policy. The chief privacy officer is responsible for establishing department-wide policies necessary to assure that the use of technologies sustains, enhances, and does not erode privacy protections relating to the use, collection, and disclosure of student data.

Jurisdiction

Georgia, Georgia

• General