Direct Marketing and GDPR – FACT vs MYTH
The introduction of the new privacy legislation in May 2018 has brought about a lot of confusion in the business world.
Whilst that confusion is slowly being clarified, there remain some common myths about what can and can’t be done. This blog aims to clarify some of those myths.
You can’t market to new prospects under GDPR
MYTH. Whilst the new Regulations bring in more accountability and transparency, it doesn’t mean you have to stop marketing to new prospects. Providing you can satisfy any one of the 6 lawful grounds for the processing of Personal Information, then you can continue to market to new prospects.
You can’t buy marketing lists under GDPR
MYTH. Whilst many cite “Consent” as being essential under GDPR, it is only one of the aforementioned 6 lawful grounds for the processing of Personal Information. Legitimate Interest (now commonly referred to as “LI”) is another such lawful grounds and, subject to meeting certain criteria, can be relied upon as the lawful basis for the use of third party data for direct marketing. In fact, GDPR specifically mentions LI as being likely a more appropriate lawful grounds to rely upon when conducting direct marketing. However, if purchasing a marketing list, you need to be certain that your supplier is providing GDPR compliant marketing data.
GDPR doesn’t apply to Business to Business – it only applies to Business to Consumer
MYTH. Whilst B2C is more widely affected by the new regulations, they apply to ALL Personal Information. You need consent to market to individual and this includes sole traders, partnership – However you dont need consent when email personal business email address when the company is a limited company PLC or Government organisation such as a school, NHS, local government etc.
However, generic emails (i.e. [email protected]) don’t belong to an individual, so aren’t affected (although with emails, you also need to consider the Privacy and Electronic Communications Regulations “PECR” if conducting direct marketing emails to any email address).
A breach can result in a company being fined millions
FACT. There have been many articles published about the extent of the fines that could be issued where a breach occurs. However, the ICO has stated that it is intent on guiding, advising and educating organisations about how to comply with GDPR. It stated that the issuing of fines would be only as a last resort, such as for those who either ignore advice or repeat offend.
You can’t electronically clean data under GDPR
MYTH. An essential element of the new Regulations is that companies MUST keep any personal information held on their employees, customers and prospects alike accurate and up-to-date. As such, it’s imperative that companies maintain their databases to the highest standards. Regular contact with their prospects and customers helps to maintain the data and a great way of doing this is through the production of regular email broadcasts, such as monthly newsletters. Another way is by using a third party company such as Data Bubble to audit and cleanse your database.
GDPR will not apply to UK businesses if we leave the EU
MYTH. Even though GDPR itself may not be the law if the UK leaves the EU, the UK Government has stated that the Regulations would be incorporated into UK law. As such, the best stance to adopt is to act as though GDPR is here to stay.
For more information, visit the ICO website on https://ico.org.uk
If you need help with your marketing, then please do get in touch call us on 01274 965411 or email us [email protected]