The new EU data legislation has been a topic of much concern for businesses for some time now. For good reason too, as it will have a big impact on how marketing is conducted throughout the EU. The final interpretation of the text is now set in stone as the GDPR has now been ratified by the EU Parliament and the industry is expecting guidance from the ICO soon. Whilst we await the guidance some areas are known and will directly impact how marketers can/will use data.
A fundamental change will be the removal of the difference between the ways B2B and B2C marketing can currently operate. The argument here seems to be that at the end of the day it’s an individual that is contacted for marketing purposes in both instances. Furthermore having data on a person’s job title, place of work or similar can be deemed personal information just as having a person’s age or marital status and therefore B2B and B2C marketing should be regarded in the same way.
From an email marketing perspective, this would mean that an opt-in is required prior to sending marketing messages to individuals. Within the UK, this has not previously been the case with inferred opt-in being sufficient and indeed this has also been the case in some other EU countries. On the other hand, in many of the other EU countries such as Germany for instance, opt-in has always been the default.
This is just one of many changes that will be implemented as a result of the new legislation. All marketers must start to consider how prepared their organisations are to address critical change and how this change will be handled. For instance for those that have been working on the assumption of UK legislation, this would mean that all data used for email marketing would need to be opted in prior to continued use.
Here are a few initial questions that might be worth considering:
- How is marketing data gathered?
- What is the opt-in policy in use?
- How is opt-in recorded per marketing channel?
- What steps need to be taken to ensure data compliance with the new legislation?
When the final text has been localised, signed off and released to all EU countries, compliance to the new legislation will need to be met within two years. The final localised versions are expected to be released soon meaning that by 2018 compliance with the new legislation will be required and indeed enforced. It should be remembered that businesses who are deemed non-compliant will undoubtedly suffer serious consequences with the level of fines increasing for non-compliant businesses. Indeed the number of fines and the size of the fines issued by the ICO (Information Commissioners Office) in the UK over the last year has increased dramatically.
The year 2018 may seem like a long time away but considering the size of your marketing database as well as the number of countries your company currently markets to, this might not be much time at all to get ready.
Luckily, we can assist businesses with the implementation of actions and programmes to ensure data compliance so just give us a call to discuss your requirements further.