You could be forgiven for not hearing about GDPR. It sort of just happened, a bit like Brexit, and businesses have been left scratching their heads wondering what to do next. Like Brexit, there’s a lot of confusion surrounding GDPR and what exactly it means. One thing’s for sure: doing nothing is not an option. If you’re in business, and especially marketing, you need to start now if you are to stand any chance of being ready.
So what is GDPR?
It is new legislation that will replace all current national data protection legislation throughout the EU Member States. It will take effect as of 25th May 2018. Businesses have until this time to prepare to comply with their new obligations under the GDPR.
What are the main points?
- Detailed information must be provided to customers on the use and processing of their data.
- Customers must give consent and also be given the ability to withdraw their consent with ease.
- Customers now have more rights, including the right to be forgotten (they can request to have their data deleted) and the right to data portability (to transfer their data to other service providers).
- Businesses must notify breaches within 72 hours to the local data protection authority. Should a data breach pose a risk to customer data privacy, you must inform customers immediately.
- Businesses will have to appoint a data protection officer to manage the ongoing processing of customer data.
- Businesses should also review the processing of their customer data by third-party organisations to ensure customer rights are not being breached.
What if you don’t comply?
Breach of obligations can result in heavy penalties. These penalties are tiered, resulting in fines up to 2% or 4% of global turnover.
What should you do next?
It depends on where you work. If you’re in a large company, the likelihood is that a DPO (Data Protection Officer) has already been appointed. That said, it does no harm to make some enquiries and find out for sure. If you’re in a small business, or are the owner-manager, you need to move fast and seek professional advice.
Here is some information to get you started. It’s an official user guide issued by the Data Protection Commissioner, the agency tasked with implementing and overseeing the GDPR. Link to PDF – Preparing for 2018
What does it mean for marketing?
The biggest impact will be on permission marketing and outbound communications, e.g. direct mail, email newsletters, website cookies etc. Going forward, people will have to actively opt-in, as opposed to passively not opt-out.
The difficulty arises with the customer data you already hold, where you haven’t specifically asked those customers to opt in for marketing purposes. The GDPR is supposedly retrospective, so you will need to get the permission of those people who didn’t expressly give it to you before. This might be trickier than it seems and require a lot of investigative work.
Suffice to say, this isn’t the last you’ve heard about GDPR. Like Brexit, there’s no avoiding GDPR, so you just need to accept it and find a way to deal with it so you’re not left behind or facing a hefty non-compliance fine.
How can we help you?
While we don’t claim to be experts on GDPR, we are experts when it comes to direct mail and all forms of direct marketing. For the benefit of our clients, and ourselves, we will be keeping a close eye on GDPR developments, as they unfold. If it’s something you need to know, you’ll hear it here first.