What the new EU data laws mean for multi-unit retailers | DMA



This spring, new EU data protection legislation is set to be passed after negotiations ended in December. According to Eurobarometer, two-thirds of Europeans say they are ‘concerned’ about not having complete control over the information they provide online, and the new laws will aim to give consumers more rights and better protection when it comes to giving businesses access to their personal data.

For marketers, this is a big deal; the reforms will affect the way businesses collect information about their customers online, as well as how they use it for marketing purposes. Things which you previously took for granted, like adding customers to a mailing list, will no longer be as straightforward as they once were.

Companies will have two years to implement the changes before they are enforced by law, so as you prepare for change, here’s an overview of what to expect.

Gaining explicit consent

Under the new laws, individuals must have given unambiguous consent to receive communications from businesses, and must have positively acted to that effect. So an opt-in tick box on a landing page, for example, cannot be ticked by default; the guest must tick it themselves.

On top of this, the information surrounding the opt-in must be clear, and must describe all of the uses the individual’s data is being collected for. Businesses using the data for any other purposes which the customer has not agreed to (including profiling and statistics generation) may be in breach of the law, and could face a fine. In the event of a dispute, it will be up to businesses to prove that they obtained explicit consent from the customer, so proof of consent should be stored in a way that’s secure but also easily accessible to you.

The right to be forgotten

The new legislation will also give consumers the option to have their data removed. Once the reason for which an individual’s information was collected is no longer valid – for example, a period of email or SMS notifications has ended – their data should be anonymised or deleted entirely.

An unsubscribe option must be clearly communicated to customers, and individuals will be able to object to the processing of their personal details at any time. If they object, then their data can no longer be used for marketing purposes.

Communicating a security breach

The laws also give customers the right to know when their data has been hacked or exposed. If a security breach occurs, as well as notifying the data regulator, businesses may be asked to notify every customer who has been affected so that they can take appropriate measures.

The stakes are high; businesses caught breaching the new laws will face fines, as well as reputational damage. Two years is quite a short period for marketers to change the way they work, so the more prepared your department is, the better.

Check our blog next week (or subscribe for email updates, if you haven’t already) for our guide on how marketers should be preparing for the new legislation.
