Marketing: What do mobility marketers need to know about GDPR?
With the official implementation of GDPR fast approaching, marketers are still feeling uncertain and apprehensive about the changes these new regulations will bring. In fact, research conducted by the Direct Marketing Association has shown that 30% of marketers think their organisations are unprepared for GDPR, with 15% reporting that they have not yet implemented a plan at all.
What is the GDPR?
To put it simply, the General Data Protection Regulation (GDPR) is a new set of European-wide data protection regulations, coming into full force in May 2018, which will strictly regulate the way in which personal data is processed.
Until recently, UK data protection was regulated by the 1998 Data Protection Act and the 2003 Privacy and Electronic Communications (EC Directive) Regulations.
GDPR will replace both of these pieces of legislation with a new, stricter directive, which focuses on balancing the data collection rights of businesses with the data privacy rights of consumers. As the first major revision of European data protection laws, the regulations come as a response to the ever-expanding digital age, where the amount of data being processed by businesses is rising at an unprecedented rate.
The need-to-know major changes that GDPR will generate
- Previously, pre-ticked and opt-out boxes were enough for companies to prove data ‘consent’, but under the new regulations, this will no longer be sufficient. Instead, data subjects must actively opt-in using unchecked tick boxes or written/electronic/oral statements
- The definition of ‘personal data’ has been clarified in greater detail and now includes online identifiers (including IP addresses and local information)
- All opt-in requests must use accessible, clear and unambiguous language to ensure that informed consent is given
- Businesses are no longer permitted to withhold goods/services from individuals who do not give consent for something completely unrelated (e.g. free Wi-Fi for opting into email communications)
- Businesses must provide adequate and valid reasoning to justify claiming data through ‘legitimate interest’. Consumer rights must be respected, along with the businesses’ own data collection rights
- Privacy policies must be explicit about what data will be used and how it will be held – ambiguous statements like “data is used for sales purposes” will no longer suffice
- Extensive records must be kept of all data collection forms to show how consent was granted – this includes telephone scripts
- It must be made clear to all data subjects that they have the right to revoke data consent at any time and this must be a simple and straightforward process
GDPR will have huge ramifications for the way in which UK businesses operate, and the consequences of not adhering to the new regulations can become very costly.
Companies, both retailers and manufacturers, will run the risk of facing hefty fines if they fail to comply with the requirements listed above. Consequently, it is crucial for businesses to re-evaluate how they capture and store personal data.
Above all, personal information must be processed lawfully, treated with respect and, importantly, kept secure. This last issue of security is one that is extremely important for an industry such as healthcare, which can see companies sometimes collecting very personal information on their customers due to the nature of the business.
So, if your organisation has not started to implement a comprehensive GDPR strategy, now is the time to start.
Accord is an integrated marketing agency specialising in the mature market. Everything we do is brilliantly joined-up, achieving real results by using the right channels, targeting the right audiences and developing the right strategy.