The new landscape
Only last year The Economist said that personal data was the new oil and the world’s most powerful resource. The ways in which businesses can use personal data in their marketing activities have been fundamentally changed by the introduction of GDPR, the new set of data protection regulations that has altered the face of marketing as we knew it. GDPR has also made customers increasingly aware of their digital footprint and their rights over how their personal information is used. Together, these two developments mean that marketing teams now need to be completely GDPR compliant in their communications efforts to acquire and use consumers’ personal data.
What data is affected by GDPR?
The EU has defined ‘personal data’ as including any information which can be used to directly or indirectly identify an individual or ‘data subject’. This includes information such as someone’s email address, name, age, photo and IP address.
The consumer view
Interestingly, research recently conducted by Marketing Week has revealed that most consumers do not feel any better off in terms of how their personal data is used. When asked ‘What impact has GDPR had on your overall experience with brands?’, 65% said ‘no change’, while over a third (36%) believe that companies have used their personal data without their consent since the introduction of GDPR. It’s not all negative from the consumer’s side, however: a recent survey by the DMA found that 73% of people agree that in today’s online world there is an acceptance that you have to provide personal information in order to benefit from certain services.
Advice for marketers
Although on the surface GDPR may seem incredibly extreme in its scope for businesses, especially those operating on a smaller scale, there are a few practical, common-sense steps you should take to help you towards compliance. Marketers should really focus on these three specific areas to avoid problems:
- Data permission
- Data access
- Data focus
What to do in case of a data breach
You must notify the ICO within 72 hours of any breach you discover. You must also ensure that any third parties who you work with are aware and able to respond quickly. The ICO has a detailed set of guidelines on what is required in the era of GDPR in the case of a data breach.
Enforcement and potential fines
While the ICO has yet to issue a penalty for a breach of data since the full implementation of GDPR, there have already been some very high profile cases this year involving data breaches which may eventually result in substantial fines. We do know, however, that non-compliance can result in significant levels of administrative fines, with the two tiers being:
- up to 10 million Euros or 2% of an organisation’s annual turnover – whichever is greater.
- up to 20 million Euros or 4% of an organisation’s annual turnover – whichever is greater.
The business upside
It should be remembered that GDPR is not designed to stop businesses from communicating with their customers. A commitment to quality data practices has rewards for marketers as well. As discussed in a previous LawBite blog article, there are many ways that being fully GDPR compliant will be of benefit to your organisation.
This article is written by Michael Jaiyeola from LawBite.
Disclaimer: This blog post should not be used as a complete guide to EU data privacy nor as legal advice for your company to use in complying with EU data privacy laws like the GDPR. This post is for informative purposes only - you should not rely on it as legal advice or recommendation of any particular legal understanding.