FACT vs MYTH around Direct Marketing and GDPR
The introduction of the new privacy legislation in May 2018 has brought about a lot of confusion in the business world. Whilst that confusion is slowly being clarified, there remain some common myths about what can and can’t be done. This blog aims to clarify some of those myths.
You can’t market to new prospects under GDPR
MYTH. Whilst the new Regulations bring in more accountability and transparency, that doesn’t mean you have to stop marketing to new prospects. Provided you can satisfy any one of the 6 lawful grounds for the processing of Personal Information, you can continue to market to new prospects.
You can’t buy marketing lists under GDPR
MYTH. Whilst many cite “Consent” as being essential under GDPR, it is only one of the aforementioned 6 lawful grounds for the processing of Personal Information. Legitimate Interest (now commonly referred to as “LI”) is another such lawful ground and, subject to meeting certain criteria, can be relied upon as the lawful basis for the use of third-party data for direct marketing. In fact, GDPR specifically mentions LI as being likely a more appropriate lawful ground to rely upon when conducting direct marketing. However, if purchasing a marketing list, you need to be certain that your supplier is providing GDPR-compliant marketing data.
GDPR doesn’t apply to Business to Business – it only applies to Business to Consumer
MYTH. Whilst B2C is more widely affected by the new regulations, they apply to ALL Personal Information. As such, any piece of information that can be linked to an individual is affected by GDPR. For example, a “personal” work email address (e.g. firstname.lastname@example.org) is affected, as it belongs to an identifiable individual. However, generic email addresses (e.g. email@example.com) don’t belong to an individual, so aren’t affected (although with emails, you also need to consider the Privacy and Electronic Communications Regulations, “PECR”, if sending direct marketing emails to any email address). It is also worth noting that GDPR applies to all personal information held on a company’s employees, not just customers and prospects.
A breach can result in a company being fined millions
FACT. There have been many articles published about the extent of the fines that could be issued where a breach occurs. However, the ICO has stated that it is intent on guiding, advising and educating organisations about how to comply with GDPR. It stated that fines would be issued only as a last resort, such as for those who either ignore advice or repeatedly offend.
You can’t electronically clean data under GDPR
MYTH. An essential element of the new Regulations is that companies MUST keep any personal information held on their employees, customers and prospects alike accurate and up-to-date. As such, it’s imperative that companies maintain their databases to the highest standards. Regular contact with prospects and customers helps to maintain the data, and a great way of doing this is through the production of regular email broadcasts, such as monthly newsletters. Another way is by using a third-party company such as Data Bubble to audit and cleanse your database.
GDPR will not apply to UK businesses if we leave the EU
MYTH. Even though GDPR itself may not be the law if the UK leaves the EU, the UK Government has stated that the Regulations would be incorporated into UK law. As such, the best stance to adopt is to act as though GDPR is here to stay.
For more information, visit the ICO website at https://ico.org.uk