DP2017: GDPR Panel Discussion

Take a panel full of industry experts and throw in one of the most pressing topics of the moment.

What do you get?

Invaluable GDPR insight and an unrelenting repetition of the word ‘data’.

Lead by DMA board member and chair of the responsible marketing committee, Skip Fidura – a key member in industry guidance on GDPR, Fidura is also Client Director of Services at Dotmailer.

The illustrious panel included: Comic Relief’s Business Planning and Processes Manager, Liz Curry, Data Strategy Partner, Claire Tusler of Proximity London, Stuart Lacey, Founder and CEO of Trunomi, Head of Group Enterprise Security at Vodafone, Jonathan Hughes, Head of Privacy and Compliance at Trainline, Rebecca Turner and DMA’s own Head of Preference Services, Legal and Compliance, John Mitchison.

Top tips

Things kick off with top tips from each member of the board;

Proximity London’s Tusler says ‘whatever is developed needs to be customer facing, they need to understand why you want their data. You can be completely compliant, but if a customer looks at it and doesn’t understand the value exchange they will not give you consent.’

Referencing article 32 security in GDPR, Comic Relief’s Curry simply says ‘if your data is encrypted at rest or in transit, you don’t have to report a breach to the ICO.’

‘The scale of the challenge is substantial’ says Vodafone’s Hughes ‘breaking it down and prioritising is a good way to start. Do not get lost in the world of data discovery – find a moment in time when it is right and move forward with it. If you’re looking for perfection, you won’t find it.’

Lacey spoke of leadership, stating ‘doing nothing is not acceptable. You do not want to be the last company that cares about data, this is an opportunity to show you dominate this space.’

‘It’s about understanding there are some key dependencies around GDPR activities – we are not going to be able to draft our privacy notices and give transparent information to our data subjects, until we know what we hold.’ from Trainline’s Turner ‘It’s about understanding these dependencies, and having a real risk based and proportionate approach.’

Third party data and transparency

Fidura goes on to ask ‘If GDPR means the end of purchase data, what are you as advisors thinking about for that fatal Monday in May?’

‘It will still exist – you just need to make sure that data is properly consented,’ says Curry ‘a lot of big companies will have to rethink the way they work.’

Hughes spoke of the blanket emails of many marketing departments declaring ‘consumers will not stand for brands spamming them, use of this data is going to have to be a very trusted source in the future, which will hugely limit its ability.’

‘If the consent you currently have is DPA compliant, it doesn’t come up to the standard of GDPR then it’s likely you’ll have to go through an upgrading process’ says Mitchinson ‘there is too much additional information that is necessary to give to data subjects in the GDPR that wouldn’t have been given to them in the Data Protection act.’

From a brand perspective, Turner says ‘It’s not just about consent itself, it’s about looking at other elements in order to communicate information to the data subject in a clear and concise way – we need to be talking to people like people.’

‘Don’t all consumers all deserve to have a relationship of trust and openness?’ from Lacey ‘Whilst legitimate interest is a very important thing to be aware of from a legal perspective, from an operational viewpoint all customers deserved to be embraced with this new movement.’

ePrivacy

A question from the audience: ‘what will the new privacy regulations do to opt-in for email and what will they do to B2B marketing?’

‘ePrivacy has not be signed off yet’ speaks Mitchinson ‘I’d like to think they would keep certain things in, such as each country’s ability to keep their own preference services – and for B2B the DMA have put a lot of effort into trying to keep it as it is, but is hard to predict at this stage.’

‘Preparing for the worst case scenario is not the right thing to do’ he continues ‘being aware of what is going on and getting your voice heard is the key here.’

Consumer awareness

Surrounding awareness from the public, Vodafone’s Hughes says ‘the customer will soon know about GDPR – and when that happens, businesses large and small alike will need proactively ask the right questions and move things forward.’

‘A lot of companies don’t even have consent for the communications they are sending now’ says Tusler ‘burying you head in the sand is not an option. Customers will soon know about it.’

To summarise in the words of DMA’s Mitchinson ‘if you’re looking at the GDPR as a problem, you’re looking at it wrong. The registration is asking you to be accountable for all your processes, and that is a reasonable request.’