A topic that regularly appears on our client’s agenda right now is GDPR, or the General Data Protection Regulation, to give it its full title. There is an understanding that within the world of Marketing, this new regulation could significantly impact the way that we work.
The problem is, no one really understands what exactly it means, simply because:
- Brexit continues to cause instability and there remain questions around whether we will need to comply once we have left the EU – we probably will.
- National governments and industry regulators are still deciphering the new legislation and how it can be interpreted.
When does GDPR come into force?
GDPR was adopted back in April 2016 and we are now in the two-year grace period designed to give companies the opportunity to implement these new processes.
The key date to remember here is May 25 2018, this marks the end of said grace period and as such organizations will need to have all new processes in place by this time.
Who does GDPR apply to?
The general rule of thumb is that if you currently abide by the Data Protection Act (DPA), then it is likely that GDPR will apply to you and your business. This is because, like the DPA, GDPR relates to ‘personal data’. What GDPR makes clearer however, is what falls into this category of ‘personal data’, and within a Marketing context it now includes:
- Job Title
- Work address
- Home address
- Work email address
- Personal email address
- IP address
Obviously, this is not an exhaustive list, but it gives you an idea of just how extensive the new regulation is. The key point to remember here is that there is no distinction between personal and business information anymore.
What does GDPR cover?
Right now, our primary focus on GDPR compliance revolves around consent. Under GDPR, consent must be ‘freely given, specific and informed’. Consent can no longer be given via pre-ticked boxes, silence or inactivity. Consent must also be verifiable, so all Marketers will need to record when and where consent was given. If you capturing data at any stage in your Marketing campaign, then you need to think about how you begin to legislate for this change, sooner rather than later. We ran a webinar back in September 2016 that provide some guidance around how GDPR might impact future Marketing campaigns, you can watch a recording here.
What do I need to do next?
Assuming you’re reading this blog post before May 2018, you still have time to prepare and act! Since the situation is constantly changing, we’d recommend keeping a regular eye on the Information Commissioner’s Office site or signing up for one of many, many webinars popping up on the subject. We’ll also be producing more content around the topic as the reality of the situation becomes clearer.
But if you would like to have a chat about what you can do today, feel free to get in touch with us.