The expertsâ 10 points to prepare for regulation | DMA

Filter By

Show All

Connect to


The expertsâ 10 points to prepare for regulation


Rosemary Smith, director, Opt 4, and Andrew Bridges, data governance manager at Nectar owner AIMIA, talked through their 10 concerns for the coming European data legislation.

Smith said, “I have a strong feeling that the regulation is like the bogeyman under the bed. Three years of waiting, wondering, worrying about what might finally come together. For us in the UK, it means stepping up in terms of compliance. There is no doubt about that. When? That’s above my pay grade, but it will come to us in no short order,” she said.

She and Bridges talked through the following 10 points. For simplicity, we have merged their comments below:

1. Regulation, not directive:

How will each member state take the new regulation into their business? Will it be a pick-n-mix scenario, or will we agree to a specific scenario? You may get the worst of both worlds - an overall blanket but individual differences.

2. Explicit consent – opt in:

Is it opt-in Armageddon? We will all be affected. Advertising is driven by profiling. We should be clear - this is how we process your data. If you don’t like it you can opt out, but it is built on trust. What does the consumer want? If everything is opt-in, it could mean a lot of work for businesses.

3. Specified ‘legitimate interests’:

These include the marketing of similar products and services, postal marketing and B2B. It is a good idea to specify where it will apply. In the spirit of being open and honest, let’s discuss the issue. We have to be clear: look for guidance. If you don’t know, put your hand up.

4. Documentation – proof of consent:

There is a lot of process in the regulation. One aspect is the requirement to document consent. That will be a challenge. Most CRM systems do not have that level of granularity. At the moment we are just yes or no. It’s one of the components that has to be broken-down. Consent by channel, by brand.

5. Mandatory Breach notifications for consumers:

We don’t want to see notification fatigue that undermines faith in the Internet, which is where data is driven. It creates panic. We need to find a fine line.

6. Privacy impact assessments:

This has been best practice for a while. A product or service configuration must come first, and needs to come at the start of the process. The crown jewels - data - have to be protected.

7. Restrictions on profiling/ use of IP addresses:

I believe if we don’t get this right, the whole industry could be affected. To affect targeting would be massive. We would be back to a scattergun approach. People don’t want offers that aren’t relevant for them.

8. Liability – admit fault:

Up to now, processes have been the instruments of the data controller. The Data Processor will share some liability. This could have really big effect - look at the size of potential fines. You need due diligence. At the moment we have a three-month process to find suppliers. Is it too much? Well, it protects our brand. Who, really, is in control of the data?

9. Right to erasure, not just removal:

Are there any issues or is it just a Google issue? It's just Google - just the service provider. We have to keep an eye on this and see how it develops. Expectations may be raised of erasure, but we don’t know where that will land.

10. Data protection office:

We don’t know when they will be required, or what will determine it. Will it be the size of the company, or local law? Where will we find all the people? We have to force that through and train a few people. As a community we need to work on that.

Hear more from the DMA

Please login to comment.


Related Articles

A telemarketing programme involving hundreds of one-to-one conversations with customers and prospects is the perfect opportunity to perform a thorough proof of concept. It enables you to learn quickly and validate your approach in a systematic, transparent way, so you set off on a better track.

Depositphotos_667828676_S (1).jpg

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244

Purple Square’s Tim Biddiscombe interviewed marketing data and tech industry veteran Andy Masters about the essential roles of listening, learning and trust in building holistic and effective customer journeys.

Thumbnail Reimagining CX _Andy Masters 600x400.jpg

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.