CRMT GDPR News Digest Part 1
18 Jul 2017
While there is much in the new regulation that is black and white, there is also much, once you get into the detail, that is as grey as grey can be open to legal scrutiny, interpretation and ultimately case law so please do consult your legal teams before taking action based on the content of this update.
The latest headlines on GDPR from around the globe
QUEEN CONFIRMS GDPR IN UK
Any doubt whether the UK would adopt GDPR has been removed with the recent Queen’s speech promising that the government would introduce a new data protection law aimed at incorporating the EU regulation with some suggesting it may go even further.
Our advice right now would be to treat the UK in the same way as mainland Europe – data protection legislation is and is likely to continue to be closely aligned. (Source)
GDPR TOP PRIORITY FOR 92% OF US ORGANISATIONS
Forbes recently quoted a recent PwC Survey of large US companies that highlighted that 92% of those companies had GDPR as a top priority and 77% of those plan to spend $1m or more on GDPR compliance. (Source)
Whilst we think 92% is optimistic, we are seeing a definite trend of greater awareness and companies starting to think about a GDPR implementation plan as we get closer to the deadline .
ICO FINES BIG BRANDS
Both Morrisons and Flybe in the UK have been fined trying to prepare for GDPR by sending emails to customers who had previously unsubscribed from marketing emails, trying to get them to opt back in. (Source)
Be careful you don’t fall foul of existing data protection laws in the rush to get opt-in consent.
Frequently asked questions about GDPR
B2B - DO I REALLY NEED CONSENT?
The issue of consent is one of the hotly debated topics, especially for B2B marketers. Some legal professionals and industry commentators are advising not to go down the consent route – preferring to use “Legitimate Interest” as the legal basis by which you can process prospect and customer data (ie. you have the legitimate interest to grow your business by telling your customers and prospects about your products/services). Others are saying that going down an Opt-In/Consent approach is industry best practice, is good for the Brand and ultimately gives the best customer experience. Some are even saying that each country within Europe will decide whether to relax the rules for B2B resulting in the current country by country approach for B2B.
So it’s about as clear as mud then!
The ICO in the UK have published draft guidance for Consent that is clear – no distinction between B2C and B2B and two routes for the legal processing of data (Consent or Legitimate Interest) for Direct Marketing.
Some of the draft guidance has been challenged by bodies such as the Direct Marketing Association (DMA) and we await the publication of the final guidance later in the summer before some of the confusion can be finally cleared up. We assume that the accompanying ePrivacy Regulation will mirror the Consent requirements within the GDPR for email communication and cookies etc.
The important thing from a regulation perspective is that you adopt one approach or the other so as not to confuse your customers/prospects. The basis by which you are processing their data needs to be stated clearly in your privacy policy and you need to stick to it. Asking for an opt-in on your web site and then emailing everyone on your database whether opted-in or not, thinking that you can then hide behind “Legitimate Interest” will be frowned upon.
This is the one area that not only has a major impact on marketers, but is also at the same time as being and yet one of the areas that is currently open. One of the greyest areas for B2B marketers is around the use/need for consent (or Opt-in) before we can process personal identifiable data.
WILL I CONTINUE TO BE ABLE TO PURCHASE 3RD PARTY DATA?
The current draft Consent guidance in the UK from the ICO says that prospects/customers must Consent to their data being passed to a 3rd party for processing and that 3rd party must be explicitly named. This obviously kills off the 3rd party list provider market so not surprisingly the DMA have challenged this in their response to the draft guidance. Again, we will have to wait to see the final guidance before we can be sure which way this will go.
Stay tuned for further GDPR updates and insights.
Useful reading from the UK ICO
- Preparing for GDPR: 12 steps to take now
- Privacy Notices, Transparency and Control
- Draft Consent Guidance
Visit our website to learn more about how CRMT can help you get GDPR ready in marketing.
Please login to comment.
Comments