In the next few weeks, businesses will be preparing for Cyber Week (otherwise known as ‘Black Friday’ and ‘Cyber Monday’).
If businesses want to make the most out of the most important retail event of the calendar year, it is imperative that they are aware of the legal restrictions around certain forms of marketing, and the legal implications of certain promotional activities that you may have planned. GDPR and its implications for data protection are proving to have majorly altered the ways in which brands manage their clients’ and customers’ information.
The risks of getting it wrong
We have already seen some very high profile cases this year involving data breaches which will likely attract substantial fines form the ICO. But there’s no need to look at this new trading landscape as an overall negative for your business. As discussed by LawBrief GDPR expert Jessica Mumby, there are many ways that being fully GDPR compliant will be of benefit to your organisation.
Online trading compliance – key areas
GDPR came into force in May 2018, which means there are additional limitations on what you can do with customer personal data. Here are some examples:
- You must make sure you have specific consent from customers to hold their personal data for any and all reasons you plan to use it
- Online forms, whether for login details, for online competitions or subscription services, often include items such as “please tick here if you want to be added to our mailing list”. These can no longer be pre-ticked – the customer has to physically tick the box to be contacted by you again
- This extends to signing up for prize draws. You cannot and must not automatically add customers to your mailing list if they sign up to a prize draw, or make it a condition of being entered into the prize draw that you can contact them at a later date
Please remember that all online terms and conditions, customer contracts, etc. must be GDPR compliant. There must also be privacy notices available for your customers to view (make sure the notice is on your website). This means that you must state whether you are acting as data processor and/or data controller, what processes and procedures you have in place to keep personal data secure, and the procedures for customers to access the personal data you hold on them (subject access requests).
ICO fines are already in play
In addition, the Information Commissioner’s Office (ICO) has been given new powers to fine companies up to £500,000 for nuisance calls. It is now a legal requirement for individuals to specifically ‘opt in’ to receive these calls, rather than opt out. This should be borne in mind when considering launching any telephone marketing campaign in the lead up to Cyber Week.
Finally, if you needed a reminder as to the importance of complying with GDPR, consider the recent enforcement action brought by the ICO against Everything DM Ltd. This marketing agency was fined £60,000 on 5 September 2018 for sending out 1.42 million emails to prospective customers. Everything DM Ltd could not prove that the recipients had consented to receive these emails.
How to get prepared
If you are not sure that you are fully GDPR compliant, LawBite is here to help. Please get in touch with a member of the LawBite team to receive a 10% discount on our GDPR Rescue Pack including: 12 GDPR compliant templates and a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £445 + VAT. Please quote discount code CYBER10, valid until 26 November 11.59pm.
For further business legal advice, you can contact the author of this article LawBrief, Barbara Jamieson. For expert business legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team.