GDPR and Marketing: How Will The Change In Legislation Affect Your Company?

by Hannah Robinson

GDPR – these four little letters are inducing widespread panic in marketing companies across the UK. 

But, as they’re whispered during secret soirees at the water-cooler, what exactly does this initialism mean? And how can marketers avoid meltdown now this milestone has been passed?

Well, you’ll be pleased to know that 3ManFactory are here to help you realise that this change is an opportunity, rather than a crisis!

First things first: what is GDPR?

GDPR stands for the General Data Protection Regulation, and it’s one of the biggest changes to our data laws that we’re likely to witness. Ever.

Currently, the UK is compliant with the Data Protection Act 1998. However, unforeseen advances mean that people’s data is being used in ways that are not accounted for under this legislation. For instance, both Facebook and Google swap access to individuals’ data for use of their services.

The EU therefore aims to give people more control over what happens with their personal data, as well as providing simpler, clearer laws for businesses that are consistent throughout Europe.

With this in mind, the UK will still adopt these changes, despite voting for Brexit. The regulation will officially come into effect on 25th May 2018, which hopefully gives companies enough time to get their heads around the new laws and to make sufficient changes to the way they manage data.

Who does it affect?

In the most basic of terms, this change will affect:

  • Controllers – the people who are in control of how personal data is collected, stored and used.
  • Processors – the people who hold and process the data. They act as a middle-man between consumers and the data controllers.

In real terms, an example of a controller would be a market research company conducting research for a client. If they determine what data they’re collecting and how, as well as who the data will be collected from and how they’re presenting their results, they are definitely controlling data.

An example of a processor could be a brand of email marketing software, such as MailChimp. This software is used by brands to market to consumers, by processing end-consumer data for its brand customers.

Facebook would also be an example of both a controller and a processor, since it collects the data from its users when they open an account, and then stores and processes this information. For example, this social network takes its users’ data, compiles it, and uses it to target demographics when creating Facebook ads.

Now you know this, there is one really important piece of information that you MUST hold on to like your life depends upon it: even if the controllers and processors are based outside of the EU, they MUST follow the GDPR regulations that apply within the EU if they are handling the data of EU residents.

So what does it involve?

In essence, GDPR refers to how controllers and processors must ensure that personal data is ‘processed lawfully, transparently and for a specific purpose’. 

These are some of the main points that need to be considered under the new legislation:

  • An unambiguous ‘opt-in’ must be present so that personal data can be processed. Therefore, pre-ticked boxes or anything that assumes consent will not be sufficient.
  • Brands need to explicitly state what will be done with personal data.
  • The names of individual companies must be stated if personal data is going to be passed on to third parties.
  • Controllers and processors must keep a record of how and when consent was given by every individual.
  • Consent can be withdrawn at any point.
  • If a consumer decides to withhold consent to their data being processed, brands will not be allowed to stop them from using a service.
  • People have the right to access their personal data at regular intervals, and controllers must provide this access within one month of the inquiry.
  • Individuals have the right to have their data deleted if it is no longer necessary for the purpose it was collected for. Therefore, they have the ‘right to be forgotten’.
    Here, the controller is also responsible for telling third parties to delete this personal data.
  • Finally, personal data must be stored in commonly used formats, so it can be moved to a different organisation if requested. This must also be completed within one month.

How exactly will this affect the marketing industry?

Whilst many people assume that GDPR is going to cause the mother of all headaches, you really should view this change as an opportunity to improve your business for the better!

Marketing companies will have extensive databases bursting with contacts. However, after investing your valuable time in gaining consent from your lengthy lists of contacts, and after witnessing the purchasing of mail lists go on the decline, you will undoubtedly transform the way you use data.

It’s a case of quality over quantity. Rather than having a database that lists hundreds of thousands of insignificant contacts, you will have a smaller database that consists of people who are genuinely interested in your goods or services. The quicker you adapt to these regulations, the quicker you’ll receive a better ROI.

Plus, not only is the current maximum penalty for failing to adequately protect customer data a huge £500,000, but from 2018, this is set to increase to £16.9 million or 4% of a company’s global annual turnover (whichever works out higher!). For a larger company, this could be catastrophic, so imagine the devastating impact this could have on a smaller business.

With these figures in mind, don’t get caught out. Like us, make sure you have a surefire plan of attack to tackle this looming change in legislation, before it’s too late! If you need help or support in putting your GDPR plan in place, get in touch.