GDPR Latest News: A Marketer's Guide to the New European Data Regulation
GDPR (the New European Data Regulation) will take effect in the UK regardless of Brexit. The new European General Data Protection Regulation (GDPR) will become law on 25th May 2018. Best estimates suggest a bare minimum of 24 months processing and negotiating once Article 50 has been triggered. It will also remain in play for member states once we have fully departed and impact anyone doing business and holding data on EU citizens.
“While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018.” (From the EU Commission Site)
“GDPR is a paradigm change in the way that data collection and use is regulated. We have moved from an era of relatively laissez-faire regulation of data in Europe to having the most stringent data laws in the world,” - Ross McKean, partner at law firm Olswang.
But what about PECR - the Privacy and Electronics Communications Regulations? There was a lot of talk last year that the PECR would be the only legislation impacting telemarketers operating in the UK. For those not in the know, this is a set of regulations, also known as the ‘e-privacy directive’, that were derived from European Directives prior to the GDPR. They were the law for UK-based marketers and some thought that these would act instead of the GDPR for UK B2B marketers, especially in light of Brexit. It has now been made clear, following the leak of review papers earlier this month, that the PECR will not be a ‘get out of jail free card’ for UK marketing.
“Nothing in these Regulations shall relieve a person of his obligations under the Data Protection Act in relation to the processing of personal data.” The Information Commissioner’s Office
The memo that leaked before Christmas, regarding the European Commission’s proposals for legislation, had led many to think that B2B marketing would be entirely strangled by the Regulation. Now that the draft in the memo has been modified and officially put forward, things do not seem as bad as all that. While changes are clearly going to have to happen, there was a fear that we, as B2B marketers, would not be able to send any communication to an organisation unless relating to an already agreed communication. This would have meant no unsolicited emails to existing contacts about other services or products that you could offer them. As it stands you will be able to email an individual you previously dealt with about something new as long as the following criteria are met:
- The communication must be about a topic, product or service similar to the previous engagement
- The contact must be made aware, on giving over their contact details, that you will use it to keep in touch regarding services
- The contact must be offered an opt-out option on all such communications
So, unless you are way ahead of your time, you have just sixteen months to bring your business in line with a complex set of legal requirements. The fines – up to €20,000,000 or 4% of global turnover, whichever is the higher – will be crippling to those that are not ready and the likelihood of British firms being treated likely in the current environment seems slim.
- Don’t Panic! Well, maybe a little if you haven’t started yet. There is time to prepare, there are opportunities to use this business-critical mission to refine your pipeline, to focus on higher quality contacts, to cut the chaff. But the time is now. We have already outlined the key strategic points marketers looking at GDPR, and anyone running a business, should be aware of.
We cannot emphasise enough the importance of seeking legal advice, specific to your business.
Having a robust data management policy will be essential for every business. Having a certified Data Processing Officer might also be your next step. Each business will face its own challenges and we strongly advise that you seek legal counsel and have a trusted source review all of your data collection systems for potential risk.
SEEK LEGAL ADVICE - this is a complex piece of legislation and we are not lawyers. The article above represents our understanding of business critical aspects of GDPR. We advise that any business seeks out certified legal advice prior to the GDPR becoming UK law.
- DOWNLOAD A FREE GDPR GUIDE FOR MARKETERS: Do you need to get your organisation ready for GDPR? Click the link or the button below and get our free guide: What Marketers Can Do About the New European Data Protection Regulation