• Technology
  • June 17, 2020

GDPR And Digital Marketing | Cyber Week 2018

 CYBER WEEK – Black Friday through to Cyber Monday around Thanksgiving in the US, and increasingly the days either side of these dates is becoming by far the most lucrative online trading period of the year. LawBriefs lawyer, Barbara Jamieson, recently wrote on our blog about some of the key legal aspects for making your business' Cyber Week a commercial success. Here we put on our marketer's hat and look at the impact of the European Union’s General Data Protection Regulation (GDPR) on some of those core marketing techniques that you have used for previous Cyber Week campaigns.

The new landscape
Only last year The Economist said that personal data was the new oil and the world’s most powerful resource. The ways in which businesses can use personal data in their marketing activities has been fundamentally changed with the introduction of GDPR, the new set of data protection regulations that have changed the face of marketing as we knew it. GDPR has also resulted in customers becoming increasingly aware of their digital footprint and personal information usage rights. These two things together have resulted in marketing teams now needing to be completely GDPR compliant in their communications efforts to acquire and use consumers’ personal data.

What data is affected by GDPR?
The EU has defined ‘personal data’ as including any information which can be used to directly or indirectly identify an individual or ‘data subject’. This includes information such as someone’s email address, name, age, photo and IP address.

The Consumer view
Interestingly, research recently conducted by Marketing Week has revealed that most consumers do not feel any better off in term of their personal data’s usage. When asked ‘What impact has GDPR had on your overall experience with brands?' 65% said ‘no change’. While over a third (36%) believe that companies have used their personal data without their consent since the introduction of GDPR. It’s not all negative from the consumer’s side, however, a recent survey by the DMA found that 73% of people agree that in today's online world there is an acceptance that you have to provide personal information in order to benefit from certain services.

Advice for marketers 
Although on the surface GDPR may seem incredibly extreme in its scope for businesses, especially those operating on a smaller scale, there are a few practical, common-sense steps you should take to help you towards compliance. Marketers should really focus on these three specific areas to avoid problems: 
  • Data permission
  • Data access
  • Data focus
The key point is that individuals must be able to both easily access their personal data and remove consent for its use. An example of this would involve you ensuring that you include an unsubscribe link within your Cyber Week promotional emails. You should also have a separate link which goes to the user’s preferences and allows them to manage how you communicate with them. Reliance on ‘legitimate interest’ as a route to compliance is not really the best policy from a business legal advice standpoint. It may well keep you covered within the regulations in the B2B environment but for B2C the threshold for consent is much higher. This means that activities involving third-party data sources such as buying data lists, affiliate marketing and use of ad tech companies as data processors are all far less attractive for many advertisers. This extends to the use of behavioural data as a whole for your marketing activity. The use of cookies to track individuals online activity has become far reduced because of GDPR. A combination of search engines enacting policies to block third-party cookies and ad blockers means that retargeting of display ads will potentially continue to fall in comparison to contextual content based display ads. Facebook is one platform who are creatively trying to work around possible advertising revenue losses by moving towards using a first-party cookie with their Facebook pixel.     

What to do in case of a data breach
You must notify the ICO within 72 hours of any breach you discover. You must also ensure that any third parties who you work with are aware and able to respond quickly. The ICO has a detailed set of guidelines on what is required in the era of GDPR in the case of a data breach.

Enforcement and potential fines
While the ICO has yet to issue a penalty for a breach of data since the full implementation of GDPR, there have already been some very high profile cases this year involving data breaches which may eventually result in substantial fines. We do know, however, that non-compliance can result in significant levels of administrative fines, with the two tiers being: up to 10 million Euros or 2% of an organisation’s annual turnover – whichever is greater. up to 20 million Euros or 4% of an organisation’s annual turnover – whichever is greater.

Moving forward
When engaging with your customers through your outbound comms you should shift focus into only requesting information that you genuinely need and move away from asking for those bits of information which can be classified as ‘nice to have’. It is unlikely that behavioural data collection will end completely. The use of cookies, device tracking, and internet monitoring will continue especially outside of the European Union and the jurisdiction of GDPR. For the time being, even within the European Union, consumers can still assume that their behavioural data is being stored – although with increased transparency and accessibility if and when requested.

The business upside
It should be remembered that GDPR is not designed to stop businesses from communicating with their customers. A commitment to quality data practices has rewards for marketers as well. As discussed in a previous LawBite blog article, there are many ways that being fully GDPR compliant will be of benefit to your organisation. If you are not sure that you are fully GDPR compliant, LawBite is here to help. Please get in touch with a member of the LawBite team to receive a 10% discount on our GDPR Rescue Pack including: 12 GDPR compliant templates and a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £445 + VAT. Please quote discount code CYBER10, valid until 26 November 11.59pm. This article is written by Michael Jaiyeola from LawBite. For expert business legal advice, please do enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team.

Journey further… GDPR Checklist GDPR Products and Services LawBite GDPR Rescue Package GDPR FAQs   Disclaimer: This blog post should not be used as a complete guide to EU data privacy nor as legal advice for your company to use in complying with EU data privacy laws like the GDPR. This post is for informative purposes only - you should not rely on it as legal advice or recommendation of any particular legal understanding.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • May 01, 2022
What are Articles of Association?

Setting up a limited company is one of the most common routes entrepreneurs take when they start their business. If you have decided to take this r...

blog image
  • By LawBite Team
  • May 01, 2022
Do I need a privacy policy on my website?

The short answer is yes, all businesses that process personal data must have a detailed privacy policy. In most cases, a privacy policy will sit on...

blog image
  • By LawBite Team
  • April 13, 2022
Understanding Conflict of Interest (COI)

One thing our lawyers consistently emphasise to our clients is the importance of having well-considered and expertly drafted documentation, for exa...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free