In fact, as data privacy expert Rosemary Smith (pictured) told a workshop of top-level marketers at the MINT Global event in Amsterdam today: “The changing GDPR will be a major revolution for law in Europe and the first change for a very long time, meaning big changes for everyone.”
The first revision of the current EU GDPR (General Data Protection Regulation) began in 2012 with regulators busy working on guidance and refinements ever since, ready for the law coming into force on May 25th, 2018.
Meanwhile, experts such as Rosemary Smith – who began her data career back in the 80s and turned to specialising in compliance a decade later – have been fully occupied trying to fathom for the benefit of the rest of us what that law change means for the person who is trying to sell their goods and services to current customers, while building a list of potential ones, too.
And the GDPR change is not the only one coming into law next year – the nascent ePrivacy Regulation is, according to Smith: “Being pushed through with considerable vigour so that it will come out at the same time as the GDPR.”
It’s a worrying time for marketers anxious to stay within the law and avoid stringent penalties, particularly since many questions remain unanswered while the regulators continue to sift through the finer details.
Smith (founder/director Opt-4 and the Data Protection Network) added: “GDPR has enormous reach – for example, if individuals are based in Europe, no matter where their data is processed, GDPR will apply. And how exactly will that be policed? And it is a European-wide law, but different countries will have their own interpretations of the rules. There is a patchwork of different laws in different countries at the moment and the problem will be how they are all put together. It is very complicated.”
Brexit will provide no respite for UK marketers hoping to duck under the changes – the UK’s withdrawal from the EU will finalise after the new rules apply and, post-Brexit, the UK will have to put in place its own, new regulations.
So what will be the impact on organisations and what can marketers do to prepare?
Key consent takeaways from the MINT workshop are the need for them . . .
So that the individual is informed, can take clear, affirmative action (i.e., not through use of a pre-ticked box) and their consent is freely given (through loyalty schemes, for example). All this will lead to opted-in lists – which, although data volumes will likely be affected, will result in better quality responses.
Smith said: “Start now, re-permissioning legacy data and encouraging individuals to opt-in, as you will not be able to use implied consent on May 26th next year.”
She said consumers will have the Right to Erasure of their collected data – similar to the Right to be Forgotten – but added: “What happens if they change their minds?” Nonetheless, the new rules place higher the right of the individual, overriding the marketer: “The interests of the consumer will ALWAYS come first – even if the marketer cites ’legitimate interest’. Are your data collection policies ‘privacy-intrusive’ or do they meet ‘reasonable expectations’?”
Co-presenter and marketing lecturer Steve Kemish (Junction Agency) said the new rules will provide ‘no hiding place’ for marketers as they will cover all electronic messaging – texting services from Sakari.io, social, email, telephone marketing (fax!) – chat bots. He pointed to a £1m award-winning campaign by The Economist ‘Getting Smart With Real Time Data’ – a complex, content-led campaign using first party cookie data with profiling and segmentation, which built thousands of new subscribers. But added: “How would this work AFTER the new regulation comes in?”
Kemish added: “The law is flexing and finessing and changing and 99% of marketers and organisations will not fall foul of it providing they process their data effectively and think about it more carefully. It is a value exchange between the individual and the organisation. More positive consent must be obtained and relevance is key. Tone of voice is key, too.” He referred to this video.
Personal data affected will include ‘online identifiers’, data which can directly or indirectly identify individuals – cookies, location data (mobiles), social networks, IP addresses for programmatic ad servers; i.e. personalisation of online ads.
But do individuals actually care about sharing their data and isn’t all this change in legislation just going to confuse everyone – individuals as well as marketers? Smith said: “Some consumers won’t share and some consumers don’t care. Yet, increasingly, there is a push-back from individuals – there is an IhateFacebookads page, for example. Older people are less willing to share their data, but research has shown that some people are apathetic about what might be called appropriate use of their data. However, make no mistake, they only don’t care if you are getting use of that data right – they will certainly care if you get it wrong!”
She warned: “The new legislation is being drafted from the consumer point of view: how privacy-intrusive is the marketing activity? This is how the regulators are approaching it. Will marketing become more risky? Will there be people holding back on collecting and using data because they fear the penalties, or conversely will there be people who just send everyone everything?
“Practically, marketing has to continue or the economy will fall apart, but compliance wth these new regulations is an organisation’s responsibility. So be prepared for the headlines in the popular press next May, raising awareness among the general public and shouting – ‘New laws mean they can’t steal your data any more!’
“Marketers need to be aware – and to be ready.”
The workshop had attracted a roundtable of marketers from across Europe and the USA (one an international data lawyer who had flown in from Nebraska on ‘a red-eye flight’ specifically to hear and meet Smith).
Steve Kemish summed up:
Find out more about compliance – and whether you are ready for the new rules – on the Data Protection Network website dpnetwork.org.uk
Read also:
Next practice is best practice: marketing apocalypse or opportunity
GDPR and your data: check you comply . . . then check again
An email will be sent to you with your membership details.
Trained as a journalist from the age of 18 and enjoying a long career in regional newspaper reporting and editing, Sally Hooton joined DMI (Direct Marketing International) magazine as editor in 2001. DMI then morphed into The GMA, taking her with it!
New research from LinkedIn reveals that at any one time of B B buyers are not in the market for the thing you are selling so while all brands want instant results building awareness will always be key Whether you ...
There is a litany of poor marketing and advertising practices remembered in a new survey from the New Statesman Media Group New Statesman Press Gazette sustainable luxury lifestyle and ESG publishers From Fyre Festival to Kendall Jenner and Pepsi to ...
Drayton Bird recently received an email that left him astounded. It was the work of a mad man! Yet its level of crazy was matched by its brilliance. On your marks... Get set... Go!
Leave your thoughts