It’s finally here. 25 May 2018. #GDPRday.

After months – if not years – of speculation, planning and debate about exactly what the new rules mean, today the General Data Protection Regulation comes into force.

So, what does it actually mean for marketers? What’s the latest thinking on its impact as it goes live? And how will your marketing activity change under the new rules?

We round up the latest news and opinion as the new regulation takes effect.

Getting to the heart of GDPR

One of the challenges with the new rules has been a lack of clarity around what exactly it means, and what it requires of firms.

The Information Commissioners Office – the UK’s representative on the EU’s GDPR Working Party – has attempted to clear up some of the confusion.  Its blogs and publications on the regulation have been very helpful in delivering ‘plain English’ explanations on what’s needed.

This has proved an invaluable resource for marketers, compliance teams and others looking for clarity.

So much so that as I write this blog, the ICO website is unavailable – temporarily collapsed under the weight of interest from people who want the definitive steer.

Is GDPR as big a deal as we have been led to believe?

Rather like the PPI claims industry, an entire subculture has sprung up around the regulation, with law firms and others offering compliance advice and implementation support.

And with some commentators suggesting that data breaches will be the next PPI scandal it’s little wonder businesses are taking it seriously.

Consent has been a big focus – just last week, the Information Commissioner’s Office published its final guidance on consent, setting out the changes that are needed to comply under GDPR.

The guidance compares the previous Data Protection definition of consent with the GDPR one:

DP Directive definition:

“any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed”

GDPR definition:

“any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”

It notes that while ‘the key elements of the consent definition remain…the GDPR is clearer that the indication must be unambiguous and involve a clear affirmative action’.

And that ‘this definition is only the starting point for the GDPR standard of consent. Several new provisions on consent contain more detailed requirements…In essence, there is a greater emphasis in the GDPR on individuals having clear distinct (‘granular’) choices upfront and ongoing control over their consent.’

Consent isn’t the only way

While more robust consent is a big feature of the regulation, it’s not the be-all and end-all.

The focus on seeking consent has perhaps been such a focus that it’s overshadowed the truth of the rules, which is that there are five other lawful bases for processing data.

This is something that firms seem to have realised quite late into the process. The flurry of emails seeking consent has, in recent days, been replaced with ones focusing on their privacy policies.

If your firm is still seeking consent, it’s worth exploring whether one of the other bases is more appropriate.

Privacy panic

In a BBC News article titled ‘GDPR: the great privacy panic’, technology correspondent Rory Cellan-Jones today talks about the ‘increasingly frantic messages asking me to opt in’.

But he goes on to say that it is not clear whether these emails are necessary – that maybe companies don’t ‘really need to send out a “click here or disappear” email, rather than the less radical approach of outlining their privacy policy and giving recipients the opportunity to unsubscribe from the mailing list’.

The danger about the consent approach, he says, is that while larger organisations may be acting on ‘expensive legal advice that this was the safe route to take’, smaller businesses may follow their lead, and ‘risk losing contact with customers who could be vital to their future’.

If you’re an SME without the option of expensive legal advice, but want to make sure you’re complying, these tips on how small businesses can overcome the GDPR challenge may be helpful.

Compliance doesn’t end today – it starts

Elisabeth Denham, the Information Commissioner, has been busy responding to a (fairly last-minute) surge of interest in the new rules. Today she made an appearance on Radio Four’s Today programme, and has also published a new blog (which if the world and his dog has stopped reading it, you may be able to access here).

The blog stresses that 25 May doesn’t mark the end of GDPR activity for marketers – the opposite, in fact.

It’s the start of a new era in communication and data – a changed landscape for marketers.

If you haven’t already, you need to think about how your marketing may change under GDPR. For instance, it’s predicted that GDPR will increase the use of social media, as way of circumventing the new data rules.

Look too at some of the efficiencies you may need to make to counteract the additional work the new regulation entails.

A responsible approach to data

Key to meeting the GDPR requirements – and many of the other rules that regulated firms face – is creating a culture where your customer is central to everything you do. Make client focus the core of your ethos and you are likely to have a head start with any regulation aimed at improving consumer treatment.

Keep up with the ICO’s regular blogs and GDPR microsite – both good sources of information. Staying abreast of any new thinking will help as you embed the regulation as ‘business as usual’.

Of course, GDPR is just one of a myriad of rules faced by marketers, particularly if you’re overseen by the FCA or other industry regulator, but also for unregulated businesses.

To make sure you’re on the front foot when it comes to the rules that govern you, and how to avoid compliance breaches, you can download the Marketing Guide to Compliance by Perivan Technology.  This free guide covers nine key areas that marketing needs to know about financial promotions and compliance. You can read a copy here.

 

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.

We offer a complete solution with a range of self-service, cost effective, compliance and marketing products and services including copy advice that are uniquely suited to supporting firms.

CLICK TO GET STARTED