
Digital Business Cards and GDPR: What Should You Watch Out For?

At Wizard Card, we see every day how digital business cards help companies network more easily and efficiently. With just one tap or scan, you can effortlessly share your contact details, business social media profiles, websites, and more. It’s smart, fast, and sustainable. But we also understand that entrepreneurs and businesses may have questions about how digital business cards fit within the General Data Protection Regulation (GDPR).

To ensure you can use digital business cards with confidence and remain GDPR-compliant, we asked corporate lawyer Chiara de Jong from Simply Legal to share her expertise. In this article, she explains what businesses should keep in mind when using digital business cards, and how to handle them in a privacy-friendly way. That way, you’re not only choosing convenience — but also a future-proof and legally sound solution.


What Are Digital Business Cards and How Do They Work?

Digital business cards are a modern alternative to traditional paper cards. Instead of handing over a physical card, you share your contact details digitally — for example, using an NFC business card. These cards are designed to be simple, flexible, and sustainable.

The process is easy: when someone brings their smartphone close to the NFC tag on your card, a digital profile automatically opens displaying your contact information. This can include your name, email address, phone number, and even links to your social media profiles.

What makes digital business cards unique is that they do much more than just share contact details. You can easily link to a comprehensive online presence, such as your LinkedIn profile, company website, landing page, or digital brochures. This makes them not only a smart networking tool, but also a powerful way to present yourself or your business.

Another key advantage is sustainability. While traditional business cards are often discarded or need to be reprinted when details change, a digital card can be updated easily without the need to produce a new one. This is not only environmentally friendly but also saves time and costs. In addition, it supports a company’s ESG goals, with sustainability and responsible business practices becoming increasingly important.


What Is GDPR and Why Does It Matter?

The General Data Protection Regulation (GDPR), known in Dutch as the Algemene Verordening Gegevensbescherming (AVG), is a European privacy law that has been in effect since May 2018. It was created to better protect the personal data of EU citizens and to raise awareness among organisations about how they handle this data.

For businesses, this means they must carefully consider how they collect, process, and secure personal data — all to ensure the privacy of individuals is respected and protected.

What Makes Digital Business Cards Different from Paper Cards?

A paper business card is handed out physically, without any data being stored on a server. As a result, paper cards are quickly used up, and sharing contact details is limited to the number of cards you’ve printed.

Digital business cards make it much easier to share contact information. You can use them an unlimited number of times, and in addition to contact details, you can also track other data — such as how often your card has been shared with leads. You’re no longer limited by a printed supply, but instead benefit from software features and securely stored data on the relevant server.

Which GDPR Rules Apply to Digital Business Cards?

Because you can share, store and analyse various types of data, it’s important that your organisation complies with the obligations set out in the GDPR. Below is an overview of the most relevant GDPR rules regarding the processing of personal data.

Lawful Processing

The personal data of individuals for whom you create a digital business card may only be processed if there is a lawful basis for doing so. This may include consent, performance of a contract, or legitimate interest.

Purpose Limitation and Data Minimisation

Ensure that only the data necessary for a specific purpose is processed, and that the processing always serves a clear goal. If certain personal data is no longer required to achieve that purpose, you should limit or stop processing it. You can record the purpose, the type of personal data, and the legal basis in a processing register. This provides a clear overview of all data processing activities and whether they are still aligned with their intended purpose.

Duty to Inform

It’s essential that the person whose data is being processed is made aware of that processing. Under the GDPR, organisations must clearly inform individuals about what is happening with their personal data. This can be done, for example, through a privacy notice explaining how the data is processed, for how long, and with whom it is shared.

Data Processing Agreement

If you process personal data together with another party, you are required under the GDPR to enter into a data processing agreement. This also applies when you use digital business cards managed by a provider such as Wizard Card. At Wizard Card, we offer a standard data processing agreement, which is included in our terms and conditions. You don’t need to take any further action.

What Should You Consider When Sharing Employee Data?

If you use digital business cards for your employees, you are processing their personal data. This means the GDPR applies.

Internal Privacy Policy

An internal privacy policy ensures your organisation meets its duty to inform. This obligation does not only apply to customers, but to all individuals whose personal data your organisation processes — including your staff. In your privacy policy, you can explain how and for what purposes you process employee data and how long this information is retained.

Data Subject Requests

Employees have certain rights regarding the processing of their personal data. These include the right to access, correct, and delete their information. Your staff may submit requests to exercise these rights. If you honour such a request, you must also inform any third parties who process your employee data on your behalf — such as the provider of digital business cards, like Wizard Card.

Internal Compliance

For internal compliance, it is good practice to maintain a data processing register. This applies to every organisation, regardless of whether you use digital business cards. If you analyse the usage of business cards and the exchange of data with leads, you may be tracking employee behaviour and preferences. In that case, you may be required under the GDPR to carry out a Data Protection Impact Assessment (DPIA). A DPIA helps to assess the risks and impact of the data processing activities.

Practical Tips for a GDPR-Compliant Transition

Looking to switch to digital business cards while staying compliant with the GDPR? Here are some practical tips:

  • Sign a data processing agreement: Already covered — by using our digital business cards, this agreement is in place.
  • Inform data subjects: Make sure the individuals whose data you process are informed about how their information is used.
  • Ensure a valid legal basis: Ensure you have consent or another lawful basis for processing, such as performance of a contract or legitimate interest.
  • Focus on internal compliance: Ensure your internal compliance processes are up to date and well documented.

Conclusion

Digital business cards offer a modern and efficient way to share contact details, but they also come with responsibilities regarding privacy. The GDPR sets clear requirements for organisations processing personal data. This means companies have a legal obligation to handle both client and employee data with care.

Not all digital business card providers have these matters properly arranged, which may expose your business to risks.

At Wizard Card, our processes are fully aligned with GDPR requirements, allowing businesses to use digital business cards with confidence. Through our data processing agreement, clear privacy guidelines and appropriate technical safeguards, we take the complexity out of your hands.