Elizabeth Denham, Information Commissioner at ICO.
What is the GDPR?
The GDPR is the EU-wide General Data Protection Regulation, which is coming into force on the 18th May 2018 and will be a massive shake-up in the way businesses market to their prospects. It governs the management of personal information by private and public organisations and is similar to the existing UK Data Protection Act 1998 (DPA), with some new and different policies and requirements.
The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. It is vitally important that your business is aware of the new data protection regulations under the GDPR, and it is something you need to start thinking about right now, as non-compliance carries fines of up to 4% of global turnover.
Who does the GDPR affect?
The new regulation requires that if you manage, store or share data on European Union citizens, you now have much greater privacy and data protection obligations. This applies to ‘controllers’ and ‘processors’: those who decide how and why personal data is processed (controllers) and those who carry out the processing on their behalf (processors). If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
What does this new legislation mean for B2B Email Marketing?
New regulations state that consent for email marketing must be explicit, specific and informed. This means that consent cannot be inferred from silence, pre-ticked boxes or inactivity. Additionally, the privacy notices/declarations you use when collecting email addresses must be clear about how the data will be used and about the person’s right to have their details changed or removed at any time of their choosing. Sound familiar? There are already similar regulations under the Privacy and Electronic Communications Regulations (PECR), so if you and your business are playing by the existing rules now, you should be fine to carry on, right? The truth is, we don’t know: the ICO has yet to be clear on whether or not B2B email marketers are still covered under the PECR.
You must ensure, and be able to prove, that your data security is strong enough to prevent a breach; otherwise you face a report to the Information Commissioner (ICO), whose extended powers mean it can impose hefty fines of up to 4% of turnover on businesses that have suffered a data loss. Your data and subscription process will need to be more transparent about how subscribers’ information will be used, with more careful recording of subscribers’ consent and opportunities for them to remove or amend the data you hold on file. Companies will no longer be able to rely on shortcuts such as purchasing data. Under the GDPR, you must identify a legal basis that justifies the data processing, and this must be recorded and documented before the data is processed.
How do I get GDPR compliant?
Educate your staff
You will need to appoint a nominated data protection lead to provide data protection awareness training for all staff, and to conduct a review of your data protection practices to make sure that your existing consent procedures are up to date with the new regulations.
Be transparent
Your customers can request details about the data you hold and how it’s used. So can the regulators. You need to start recording details that show where you obtained the data and what options, choices and information you gave prior to collecting it. And you need to store those records in a way that makes it easy to respond to queries and complaints.
Double Opt-in
Although your lists may be smaller, contacts who double opt-in are more likely to respond well to your marketing because they are interested in what you have to say. Make sure you have contacted all your existing clients/prospects and asked them to double opt-in.
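The two points above (keeping a record of where each address came from and what the person was shown, and confirming consent by double opt-in) can be implemented as a small consent ledger. The code below is an added example written for this post, not code from the original article or from mmunic Ltd. It assumes a hypothetical `ConsentStore` kept on the mailing-system side: a signup only creates a record when the box was actively ticked (silence or a pre-ticked box is rejected), a confirmation link carries an HMAC token the server can verify, and a subject access request returns the full provenance of the record.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import List, Optional, Dict

# Hypothetical server-side secret used to sign confirmation tokens.
# A real deployment would load this from a secrets manager, not generate it at import.
SECRET_KEY = secrets.token_bytes(32)


def now_iso() -> str:
    """UTC timestamp so consent events can be ordered and audited."""
    return datetime.now(timezone.utc).isoformat()


@dataclass
class ConsentRecord:
    email: str
    source: str               # where the address was obtained (form URL, event, etc.)
    notice_version: str       # which privacy notice wording the person was shown
    options_offered: List[str]  # choices presented at signup (none pre-ticked)
    requested_at: str
    confirmed_at: Optional[str] = None   # set only after the double opt-in link is used
    withdrawn_at: Optional[str] = None   # set when the person withdraws consent


def confirmation_token(email: str, requested_at: str) -> str:
    """HMAC over the signup details; goes into the double opt-in confirmation link."""
    msg = f"{email}|{requested_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


class ConsentStore:
    def __init__(self) -> None:
        self._records: Dict[str, ConsentRecord] = {}

    def request_consent(self, email: str, source: str, notice_version: str,
                        options_offered: List[str], box_ticked: bool) -> str:
        """Record a signup and return the token for the confirmation email."""
        # Explicit consent only: an unticked box never creates a record.
        if not box_ticked:
            raise ValueError("no affirmative action; consent not recorded")
        rec = ConsentRecord(email, source, notice_version, options_offered, now_iso())
        self._records[email] = rec
        return confirmation_token(email, rec.requested_at)

    def confirm(self, email: str, token: str) -> bool:
        """Second step of double opt-in: accept only a token we issued for this signup."""
        rec = self._records.get(email)
        if rec is None:
            return False
        expected = confirmation_token(email, rec.requested_at)
        if not hmac.compare_digest(expected, token):
            return False
        rec.confirmed_at = now_iso()
        return True

    def withdraw(self, email: str) -> bool:
        """Honour a removal request; the record is kept as evidence of the withdrawal."""
        rec = self._records.get(email)
        if rec is None:
            return False
        rec.withdrawn_at = now_iso()
        return True

    def can_email(self, email: str) -> bool:
        """Only confirmed, non-withdrawn contacts may be mailed."""
        rec = self._records.get(email)
        return rec is not None and rec.confirmed_at is not None and rec.withdrawn_at is None

    def subject_access(self, email: str) -> Optional[dict]:
        """Everything held about this address, for a customer or regulator query."""
        rec = self._records.get(email)
        return asdict(rec) if rec is not None else None


if __name__ == "__main__":
    # Constructed sample signup, not real data.
    store = ConsentStore()
    token = store.request_consent("alice@example.com", "https://example.com/newsletter",
                                  "privacy-notice-v3", ["monthly newsletter"], box_ticked=True)
    print("confirmed:", store.confirm("alice@example.com", token))
    print("mailable:", store.can_email("alice@example.com"))
    print("subject access:", store.subject_access("alice@example.com"))
```

The `can_email` check is the gate a sending job should call per recipient; the `subject_access` method returns the source, notice version and options shown, which is exactly the evidence the transparency section says you need to keep.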
Keep up to date
The GDPR guidance is, at the moment, a living document. The Information Commissioner’s website is a particularly useful resource for keeping up to date: its overview of the GDPR is updated monthly to highlight and link to what’s new.
Useful links to find out more
Until now, data protection compliance has been somewhat optional within email marketing. When the new regulations come into force, the regulators will be hiring investigators, part-funded from the fines they levy, and the rules will be actively policed in the same way that Health and Safety is now. Failure to comply will introduce the risk of administrative fines of up to 4% of group global turnover or €20m (whichever is greater) and, potentially, criminal sanctions. Learning as much as possible is hugely important, and preparing now will certainly give you a head start on the GDPR. You now have less than a year to get educated and get compliant.
At mmunic Ltd we are dedicated to ensuring our data protection practices meet all current legal requirements to the highest standard, thus ensuring your email marketing solutions are in safe hands. We provide all our clients with a dedicated account manager who is available 9am-5pm Monday to Friday to answer any questions you may have about email marketing, helping you on your email marketing journey.