As you probably know the power of GDPR (General Data Protection Regulations) comes into effect on 25 May 2018. On that day the regulations become LAW!
GDPR is not new, it is a current European initiative to ensure that all individuals data and privacy rights are protected – this includes B2B marketing. The deadline for full compliance is 25 May 2018 and if someone disregards or flouts the regulations, they are liable to be fined. Fines can be up to 20million Euros or 4% of global turnover (whichever is the greater).
Unfortunately, from a marketing perspective there appears to be conflicting advice or regulations depending on which body is providing the advice. For instance, PECR (Privacy and Electronic Communications Regulations is an implementation of the European Union (EU) e-Privacy Directive in the United Kingdom which allows for ‘soft opt-ins’ for email marketing where certain conditions have already been met. For instance, where you’ve obtained a person’s details during a sale or negotiation for a sale of a product or service, and where the messages are only marketing similar products or services, and where the person is given a simple opportunity to refuse marketing at the time their details are collected. Furthermore, if they don’t opt out at this point, they are given a simple way to do so in future messages.
However, if another law conflicts with GDPR, then GDPR takes preference.
There are many more regulations to consider in the electronic marketing field and marketers should fully acquaint themselves with what they can and cannot do.
Many companies are already using best practice processes in their marketing, but this needs to be integrated with the company-wide policy on GDPR which covers not just the use of data, but how it is received, stored, recorded, deleted and used. There needs to be a GDPR company policy in place to prove that you are GDPR-compliant.
Permission-based marketing has always been best practice and the preferred marketing technique of many companies, but soon it will be law and those who ‘spam’ email will either cease to trade, or be caught and fined. We believe that GDPR will restore reputation and faith in direct marketing. It is therefore important that you put in place a process for how you handle data, and that you physically record that you have had a person’s permission to send them electronic marketing materials, and that all your electronic marketing materials clearly identify who you are, and that you provide a clear and easy method for them to say STOP to further marketing at any time. You need to record when and how that request was received, and that you have complied with the request.
Printed mail is slightly different since you are not using someone’s personal data (i.e. their email address). But, it is recommended good practice to include a simple line at the bottom of mailers, newsletters or any other marketing material that you send through the post, that says “if you don’t want to receive any further marketing material from us, then telephone 01234 56789 or email us at firstname.lastname@example.org and say STOP.
Here are some links to government and other websites that provide useful information on GDPR.
The Information Commissioner’s Office will police and enforce GDPR in the UK. https://ico.org.uk/
At the time of writing there are several pieces of legislation that interlink:
1. The Data Protection Act 1998 DPA
2. Privacy and Electronic Communications Regulations PECR
3. General Data Protection Regulation (GDPR) Guide to GDPR PDF
4. Telephone preference service and fax preference service.
NB. This blog has been researched and written based on our understanding of GDPR and we recommend that you appraise yourself on the subject as we cannot be held responsible for any actions taken by you, based on the above.