January 11, 2018
It’s the question on every marketer’s lips, and if it isn’t, then it should be... If GDPR is a term you are unfamiliar with, you haven’t much time to get your house in order, as 25th May 2018 is D-Day for British business.
GDPR is going to be one of the biggest things to hit the sales and marketing world in several years – indeed, make that a lifetime.
The way you collect and process information about individuals is set to be brought under new regulations – and these regulations are widespread and uncompromising.
So, if you maintain a client database, have a new business list, distribute a customer newsletter, compile a list of invitations for an event or indeed do anything that requires keeping a record of personal information about a subject, then GDPR will apply to your business.
And it will be EU-wide. If you store EU citizen data, the citizen should be able to access it, retrieve it, change it or transfer it somewhere else. And for the record, data is any information stored about EU citizens.
And there are serious consequences for your business if you don’t comply with the new rules that are coming.
Under the current Data Protection Act, the maximum fine the Information Commissioner’s Office (ICO) is entitled to levy against a data controller that has breached the legislation is £500,000.
Under the GDPR, the ICO can impose fines of up to 20 million Euros or 4% of group worldwide turnover (whichever is greater), and that is against both data controllers and data processors.
Personal information like name, address and email address. Historical information like employment history, medical history and credit history. Company data, including information about staff, customers, account holders and suppliers. GDPR affects everyone, whether you are a large multinational corporation or a small corner shop with one employee. GDPR reshapes the way organisations across the EU approach privacy.
Preparing your brand for GDPR is a massive exercise, the details of which we can’t cover in depth in this edition of Brighter Thinking. However, here are a few highlights for you to consider.
The increased territorial scope of the GDPR is going to be one of the most imposing changes of the new data regulation.
Because the GDPR seeks to protect the rights and freedom of anyone residing in the EU, all businesses (be they inside or outside the Union) need to comply with the data laws if they process the information of any EU citizen.
Given the global nature of business, it’s extremely likely that brands will be processing the personally identifiable information of an EU resident as part of a campaign or project.
How the GDPR affects marketing
The GDPR is not quite as stringent as many fear, but it does affect marketing in three critical areas.
The first is regarding opt-ins, opt-outs, and consent regarding communications. The GDPR mandates that consent must be ‘freely given, specific, informed, and unambiguous’, and articulated by a ‘clear affirmative action’. That means you can’t assume consent based on ‘inactivity’, and that a pre-ticked box isn’t going to cut it. Prospects and customers must agree that their data can be used and that they can be contacted.
The second is the much-discussed right to be forgotten. The GDPR is designed to confer more control to individuals over how their data is collected and used – and this means giving them some means of accessing and removing their data. They can do this when there’s no legitimate reason to process their information, when they withdraw consent for it to be used on the original terms, and when it’s been unlawfully processed.
The third change is to the legal basis for processing personal data. Practically speaking, this will necessitate better housekeeping on the part of marketers – and less collecting of data for unnecessary or frivolous reasons.
As you can see, GDPR is big news for everyone and everyone needs to get on top of how their organisation is preparing for it.
And before you ask: with Brexit happening in March 2019, won’t that change things or impact it in some way?
Well, even though the UK is set to leave the EU, the GDPR will still apply, as the regulation was written into law before Brexit became a reality.
For while the UK’s impending exit from the EU will affect several areas of public and private life, it won’t affect the need for its businesses to comply with the legislation.
The GDPR affects any organisation that collects and processes the data of an EU citizen – so there will, in reality, be few UK businesses that will never have to comply with it, and by 2019 at the very earliest, there will be none.