EU Data Protection Regulation: âAmend rather than dissâ and defy!â

Bizarre. Last Friday, I left the DMA’s Data protection 2013 conference inspired – not my normal feeling after a data protection event. The main reason was the words of the final speaker David Coplin, Microsoft‘s chief envisioning officer. David spoke with passion about the future digitisation of society and what will be possible if we overcome the challenges posed by the proposed new EU Data Protection Regulation. Personally, with 25 years in the data industry I can never get enough examples of how, when harnessed with care, data is transforming the world in which we live!

It wasn’t just David’s session, though.

I was impressed again by the measured and sensible words of the keynote speaker, the Information Commissioner Christopher Graham. We’re lucky to have a marketing-savvy regulator on our side. Christopher articulated strongly the case for protecting personal data and why there must be rules. He clearly feels that the latest draft proposals will not achieve the desired protection for the consumer and need to be amended. He advised on how we should make our case for change by engaging with the EU regulators, rather than defying and fighting them.

Make no mistake, EU regulators and politicians do need to amend much of the latest draft proposals. If implemented as currently proposed, then the new regulation will have a profound impact on all businesses trading in Europe and their ability to win new business. Most of all, it will have a catastrophic impact on the vibrant direct, digital and data marketing industry which is flourishing from the increasingly intelligent use of data and powerful new technologies.

The DMA is very much on the case. Caroline Roberts and Chris Combemale from the DMA made a passionate plea for us to lobby our local Euro MP’s. The DMA has developed an online data protection toolkit to make this easy for us.

My main fear is that in the rush to get new laws agreed EU tegulators and politicians will not differentiate between the online (the politicians’ target) and our off-line world, nor between B2C (personal data where greater protection is necessary) and B2B applications. Overall, having heard all the views from Friday’s event I do believe the regulatory regime will become much stricter. Specifically this is likely to mean that once in law (c. 2016 after a two-year probationary period):

• Marketers will need to be far more transparent with consumers on what they’re doing with their data (hard to argue that this is a bad thing) and provide a better value exchange
• Obtaining data will become much more difficult and expensive making it more even more valuable as an asset than it is today
• There will be much greater responsibility required for looking after data and much greater penalties for not doing so

Penalties that will be much more rigorously enforced. Probably responsibility in law will be extended to include data processors (e.g. marketing service providers) as well as data controllers (the data owner, i.e. client) who has full responsibility under current law.

What We Should All Do Today
The Data protection 2013 conference emphasised how vital it is that we should all be getting started with preparing for this new more regulated world. This will give you a significant competitive advantage plus should make your customers much happier too – make trust a differentiator!

You’ll need to understand fully the impact of the proposed changes. The DMA has some excellent material on its web site and its new data protection lobbying toolkit . Do help yourself, our industry and the DMA and get your lobbying letters to your local Euro MPs in the post.

There are a few places left on the DQM DataIQ Data Governance Breakfast Briefing, from the offices of leading Data Protection lawyers Osborne Clarke, on 21st February. Also, we have also some recent DataIQ research on the impact of the proposed EU Data Protection Regulation changes.

Marketers should as a matter of urgency prioritise improving all processes with respect to data protection. I can speak from experience that achieving the DMA data security standard DMA DataSeal is certainly worth doing for any organisation that manages customer data.

Unless we in the industry get our act together, help the DMA get the draft Regulation amended sensibly and voluntarily raise standards in all aspects of data management, we cannot blame the EU Regulators for removing our opportunity to use our valuable data assets. Our future is in our own hands.

By DMA guest blogger Adrian Gregory
CEO, DQM Group, Chair of the DMA Data Governance Working Party