Filter by/
Region/  All
Type/  All
Sorted By/  Most Recent

Customer consent and new regulations: check-out your ‘golden ticket’

By / / In Best practice /
Do you have clear permission to contact your customers, a ‘golden ticket’ of consent? And can your customers easily opt-out and withdraw that consent? Scrutinise your data protection and ePrivacy strategy now, as new regulations come into force next year – and millions of pounds in fines will doubtless be levied on companies that have failed to prepare and follow the guidelines.
new regulations

Much like Willy Wonka’s Chocolate Factory, a ‘golden’ ticket to the UK’s Information Commissioners Office (ICO) Data Protection Practitioners’ Conference is highly sought after. Many apply, but few get the opportunity to attend.

However, I seemingly have the luck of Charlie Bucket and this is the second consecutive year that I have had the pleasure of joining the ICO in Manchester for its annual event.

With the EU GDPR just over 12 months away and the new ePrivacy regulation hot on its heels, this year’s annual conference was the ideal opportunity for the ICO to reinforce its appetite regarding looming regulation, along with its enforcement – namely EU GDPR. Furthermore, it was the perfect forum for those working at the coal-face of the data-driven marketing industry to gauge the mood of the regulator and ensure its voice is heard.

Policing the new regulations

What is apparent is that while the ICO is empathetic to the commercial challenges organisations face, it also needs to be mercenary in its policing of the regulations and subsequent prosecutions. There is a sense of inevitability that there will be a big scalp taken soon after 25th May next year (the date GDPR comes in to force), as the regulators throughout Europe look to assert the new regulation. Undoubtedly, the media is waiting with baited breath to write the first headlines of company X being fined millions of pounds for non-compliance.

Clearly, we need a strong regulator that helps to keep industry in check, and those who diligently follow the rules should have nothing to fear. However, before you can adhere to the rules you first must have consensus on their interpretation. I have lost count of the number of conversations I have had in relation to GDPR, during which there has been a chasm of misunderstanding regarding what is and isn’t permissible.

Valid consent was one such issue that proved to be a hot topic at the conference. Last week, the ICO published its consultation on GDPR Consent Guidance, which commenced on 2nd March and closes at the end of the month, with the final guidance scheduled for publication in May. The consultation explains how GDPR sets a high standard for consent and that it builds on the Data Protection Act 1998 (DPA) standard of consent in a number of areas. It also stresses that it contains significantly more detail that codifies existing European guidance and good practice.

It appears that there has been a change of mood since the previous guidelines and what has now been proposed initially appears ‘tougher’.

The same core principles apply in that consent must be freely given, specific, inform and there must be an indication signifying agreement. However, the ICO identifies the greater emphasis that GDPR places on individuals having clear granular choices upfront and the ongoing control they should have over their consent. Organisations will need to have more robust processes for managing records pertaining to consent and provide simple and easy ways for opting out and withdrawing consent.

In the coming weeks, we will be reviewing the guidance in detail before sharing our thoughts with the ICO, with a view to clarifying the final version of the guidelines. It is for reasons such as this that it is so important for industry to accept invitations to attend events such as the ICO’s Data Protection Practitioners’ Conference, as it gives the opportunity to work alongside the regulator. It is just a shame that everyone cannot get a golden ticket.

Read also:

Get your house in order ready for incoming data protection rule

The big shake-up of email marketing – earning the right to use data

Leave your thoughts

Author: Adam Williams

Adam Williams is managing director of DBS Data.

Related reading

Keep up to date with global best practice in data driven marketing